Cyber Defense Initiative® 2017

Washington, DC | Tue, Dec 12 - Tue, Dec 19, 2017

MGT433: Securing The Human: How to Build, Maintain and Measure a High-Impact Awareness Program

Tue, December 12 - Wed, December 13, 2017

  • 12 CPEs
  • Laptop Not Needed

The course covered how to create a comprehensive program and gave me many more ideas and inspiration (really!) to hit the ground running. Learned from hearing fellow students' feedback. Also felt good about what I've done thus far!

Yvonne Bashor, Oregon Legislature

I'm running a global program as a team of one. The networking is invaluable.

Janet Roberts, American Express Co.

Organizations have invested a tremendous amount of money and resources into securing technology, but little if anything into securing their workforce. As a result, people, not technology, have become the most common target for cyber attackers. The most effective way to secure the human element is to establish a high-impact security awareness program that goes beyond just compliance and changes behaviors and ultimately creates a secure culture. This intense two-day course will teach you the key concepts and skills needed to do just that and is designed for those establishing a new program or wanting to improve an existing one. Course content is based on lessons learned from hundreds of security awareness programs from around the world. In addition, you will learn not only from your instructor, but from extensive interaction with your peers. Finally, through a series of labs and exercises, you will develop your own custom security awareness plan that you can implement as soon as you return to your organization.

You Will Learn:

  • The Security Awareness Maturity Model and how to leverage it as the roadmap for your awareness program
  • How to gain and maintain leadership support for your program
  • Key models for learning theory, behavioral change and cultural analysis
  • How to identify and prioritize the top human risks to your organization and the key behaviors that manage those risks
  • How to effectively engage and communicate to your workforce, to include addressing the challenges of different roles, generations and nationalities
  • How to sustain your security awareness program long term, including advanced programs such as gamification and ambassador programs
  • How to measure the impact of your awareness program, track reduction in human risk, and communicate the value to leadership

Course Syllabus

Lance Spitzner
Tue Dec 12th, 2017
9:00 AM - 5:00 PM

CPE/CMU Credits: 6

  • The five stages of the Security Awareness Maturity Model
  • The three variables of risk and their role in awareness
  • Why humans are so vulnerable and the latest methods cyber attackers use to exploit these vulnerabilities
  • The learning continuum: awareness, training and education
  • Steps to gaining and maintaining leadership support
  • How to develop and leverage an effective Advisory Board
  • B.J. Fogg Behavior Model and how it applies to your overall strategy of changing workforce behavior
  • Developing a strategic plan based on three key questions: Who, What and How
  • Who: Identifying the different targets of your awareness program. Whose behaviors do you want to change? NOTE: This section includes an interactive, group lab where you identify and analyze key target groups in your organization
  • What: Identifying and prioritizing the top human risks to your organization and the behaviors that will most effectively manage those risks. NOTE: This section includes two interactive labs, one conducting a qualitative risk analysis for your organization and a second lab on behavioral management by defining key learning objectives

Lance Spitzner
Wed Dec 13th, 2017
9:00 AM - 5:00 PM

CPE/CMU Credits: 6

  • How: How will you communicate your program? This includes understanding the cultures within your organization, defining why cyber security is important and the most successful strategies to engage people.
  • The effective use of imagery, to include imagery within diverse or international environments
  • Top tips for effective translation / localization
  • The two different communication methods, primary and reinforcement, and the advantages/disadvantages of each
  • How to effectively develop and provide instructor-led training (ILT)
  • How to effectively develop and deploy online / computer based training (CBT)
  • Different reinforcement methods, including newsletters, posters, internal social media, hosted speaker events, hacking demos, escape rooms, lunch-n-learns and numerous other training activities. NOTE: This section includes an interactive lab combining a cultural analysis, communication methods and different training modalities
  • Long term sustainment for effective culture impact, to include gamification and ambassador programs
  • Design, deploy and leverage metrics to measure the impact of your awareness program, including how to effectively establish a global phishing program and measure culture.
  • Walking through the final planning and execution steps, to include documenting a comprehensive project plan

Additional Information

  • Security awareness / communication officers
  • Chief Security Officers, Risk Officers and security management officials
  • Security auditors, and governance, legal, privacy or compliance officers
  • Training, human resources and communications staff
  • Representatives from organizations regulated by industries such as HIPAA, GDPR, FISMA, FERPA, PCI-DSS, ISO/IEC 27001, SOX, NERC, or any other compliance-driven standard
  • Anyone involved in planning, deploying or maintaining a security education, training or communications program
  • Opportunity to join the Security Awareness Community Forum, a private, invite only community of over 1,000 awareness officers that share resources and lessons learned
  • Course books that include printed slides and detailed notes for each slide
  • Course lab book
  • Digital download package containing digital copies of all the labs, supplemental materials, reports and examples
  • MP3 audio files of the complete course lecture
  • Identify the maturity level of your existing awareness program and the steps to take it to the next level
  • Explain the difference between awareness, education and training
  • Explain the three different variables of risk and how they apply to managing human risk and security awareness training
  • Explain why people are vulnerable and how cyber attackers are actively exploiting these vulnerabilities
  • Gain and maintain long-term leadership support for your program
  • Identify the different targets of your awareness program
  • Characterize the culture of your organization and determine the most effective communication methods for that culture
  • Identify, measure and prioritize your human risks
  • Design and implement key metrics to measure the impact of each stage of your awareness program, to include measuring compliance, behaviors and culture

"The 'Who' and 'What' of training and awareness is just what I needed to take back home." - David Nix, Department of Energy

"Soup to nuts, this class covers the entire designing, building, deploying and measuring of an effective security awareness program." - Chris Sorensen - GE Capital

"MGT433 gives a great view on how to build a full security program." - Eman Al Awadhi, TRA

Author Statement

Having been actively involved in information security for more than 20 years, I have seen one constant factor: people are the weakest link because we fail to properly invest in and secure them. Once trained, your workforce will become your greatest asset, not only in preventing incidents but being able to quickly identify and report them, developing a far more resilient organization. I am extremely excited about MGT433, as we provide organizations with the skills, resources and community they need to build a high-impact security awareness program that will not only change behaviors, but also measure that change.

- Lance Spitzner