London, United Kingdom | Mon, Nov 26 - Thu, Nov 29, 2018

Summit Agenda

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Tuesday November 27 2018
18:00 - 20:00

Pre-Summit Meet and Greet

This optional session offers the opportunity to meet and network with your fellow attendees the night before the Summit kicks off. We highly recommend you attend if possible.

Wednesday 28 November 2018
08:00 - 09:00

Registration and Coffee

This is another great opportunity to meet, greet and interact with your peers, so come down early. In addition, if you brought materials from your security awareness program for the show-n-tell, now is a great opportunity to set them up in the show-n-tell room. No need to register ahead of time; simply find an empty table, set up your materials and put your name and email address on a contact card. This way attendees know whom to contact for more information about all your amazing goodies.

09:00 - 09:20

Welcome, Introductions

Lance Spitzner (@lspitzner), Director at SANS Security Awareness

09:20 - 09:40

Networking & Introductions

We know that the conversations among peers and the connections forged during these events are just as valuable as the talks. Kick off your day by getting to know the other attendees seated at your table and begin fostering those meaningful connections and exchanging ideas right away. Not sure what to say? Start off by introducing yourself with your name, organization/industry, size of your organization, what you hope to get out of the summit, and why you are attending the event. If you’re lucky enough to be attending with colleagues from your organization, consider splitting up for the most benefit.

09:40 - 09:50

Online Polling

We will introduce you to what online polling is, how it works and we’ll do one to two fun polls to kick off the morning.

09:50 - 10:30

Keynote Speaker

Brian Honan, Owner and CEO at BH Consulting

10:30 - 11:00

Networking Break: Drinks and snacks will be served. Have a moment?

11:00 - 11:30

Information Security Human Risk Level Assessment

It is generally understood by the IT security professional community that people are one of the weakest links in attempts to secure systems and networks. The people factor - not technology - is a key to providing an adequate and appropriate level of security. If people are the key, but are also a weak link, extensive attention must be paid to this asset. This talk will uncover interesting findings of an organizational human behavior risk assessment. Based on a survey of over 7000 diverse users, the assessment team was successfully able to determine the effectiveness of security related activities currently in place and evaluate awareness level of employees based on their technology best practices.

Noora Alfayez, Cybersecurity Analyst at Saudi Aramco

11:30 - 12:00

Establishing a Baseline to Measure Behavioural Change

One of the most important tasks that an organisation needs to carry out before running any awareness campaigns is to have an existing baseline of security behaviours across the business. This presentation is based on a recently completed Security Culture Study at global law firm, Pinsent Masons. We hope to provide insight on how this can be done within tight deadlines, competing objectives and with relatively little budget. Our three key lessons learned will be around:

  • Relationship management
  • Compliance does not mean best practice
  • Stats don't mean a thing unless you know what sits behind them

Denise Beardon, Head of Information Security Engagement at Pinsent Masons LLP
Mo Amin, Managing Director at Cyber Guidance Ltd

12:00 - 13:00

Networking Luncheon
Lunch is served onsite to maximize interaction and networking among attendees. If you finish lunch early, take a moment to review the show-n-tell tables.

13:00 - 14:30

Workshop - OSINT (Open Source Intelligence)

Learn what Open Source Intelligence is, how organizations are leveraging OSINT in their awareness programs and how to conduct an OSINT assessment. As part of this lab you will complete an online OSINT Assessment of yourself. Please bring a small laptop or tablet with you for this workshop as you will need it to conduct your assessment.

Nico "Dutch_OSINTguy", Dutch Law Enforcement

14:30 - 15:00

Wait, Did I Just Learn Something?

Most awareness practitioners recognize that security training and best practices need to be delivered through engaging, interactive methods, yet many of us continue to rely on only providing training that meets compliance requirements.

This may be because of limited budget, lack of support for broader employee engagement, company culture, or a lack of understanding about how to deliver impactful, engaging awareness campaigns. This presentation aims to provide awareness professionals with a better understanding of the impact that experiential activities and learning can have on their awareness programs, as well as language with which they can return to their CISOs to get support to move forward.

Although interactive, this presentation will provide concrete information for practitioners to apply to their program and bring back to their CISOs. The talk will start with an overview of awareness program methodologies, highlighting the differences between traditional/compliance-based engagement and experiential/impactful engagement.

Cassie Clark, Security Community Manager at Salesforce

15:00 - 15:30

Networking Break
Drinks and snacks will be served

15:30 - 16:30

Security Awareness Video Wars

Volunteers get to show 3 minutes of a security awareness video they developed for their security awareness programs. If you want to submit a video for video wars, you must submit your video to lspitzner@sans.org by Monday 21st November in .mov or .mp4. No submissions will be accepted after that date. We will accept all submissions and the best 5 voted by Lance Spitzner will be invited to present their videos on stage at the summit. Attendees will then vote and select their favorite videos. The winners will be awarded the coveted SANS Security Awareness coin.

16:30 - 17:00

Leveraging Your Security Operations Center

Security Operation Centers are a wealth of knowledge on what is happening in your organization from a security perspective. Security awareness professionals can tap into their SOC to better understand who are their top risk groups and what are the top risks they represent. Armed with this knowledge, you can create a far more effective awareness program by focusing your training on the highest risk groups and behaviors in your organization. Learn what questions you should be asking your SOC and how to leverage their answers.

Matilda McVann, Global Head of Cyber Response at Zurich Insurance

17:00 - 17:25

Table Closing Discussion

Each member of the table will share with everyone else one key learning from the day's agenda, and how they will apply that takeaway to their program when they get home. One person from each table will be appointed and then present their findings to the room.

17:25 - 17:30

Closing Remarks

Lance Spitzner (@lspitzner), Director at SANS Security Awareness

Social events and informal networking activities are hosted after the first day of the summit.

Thursday 29 November 2018

08:00 - 09:00

Registration and Coffee

For the second day of the Summit, please sit at a new table so you can meet, network, and interact with a whole new group of peers.

09:00 - 09:20

Day 2 Introductions & Networking

Kick Off and Coordination Items

Lance Spitzner (@lspitzner), Director at SANS Security Awareness

09:20 - 10:00

Gaining Leadership Support - what do we tell them and how?

Security experts often complain that organisational leadership are not really interested in information security, and do not invest sufficiently. Security awareness practitioners in particular have been reporting insufficient staffing and funding levels, and engagement from corporate leadership in campaigns. This talk will present initial insights from a new project - funded by the UK National Cyber Security Centre and Lloyd's Register Foundation - that works with leaders to understand how we should present information on cyber risks and the value of security awareness to corporate decision-makers.

Angela Sasse, Professor at Ruhr University Bochum & UCL

10:00 - 10:30

'Once upon a time: back to the future of security'

Although we try to prevent them, catastrophic human errors seem to spring from nowhere. The usual response is to "blame and train" those who make mistakes. But is this really the best approach? How do we convince people there's so much more to human error? Early one Sunday morning, on the 25th August 1861, Henry Killick, a lone and weary railway signalman, signed on for a 24-hour shift. He was looking forward to finishing his shift and spending time with his family. But he was oblivious of the horror that was about to unfold. Could a story from the past improve our understanding of the present?

David Porter, Head of Innovation, Security & Privacy Division at Bank of England

10:30 - 11:00

Networking Break
Drinks and snacks will be served

11:00 - 12:00

Lightning Talks

In this exciting hour, four presenters will get twelve minutes and only twelve minutes each to share their stories and lessons learned. We will then follow the session with ten minutes of Q&A where you can beat up the speakers with your questions. This format jams tons of information into a short period of time. Don't blink!

  • What Are Learning Objectives and Why Do I Care?
    Jon Portzline, Content Director at SANS Institute
  • A Role-Reversal Learning Approach to Low-Level Security Training
    Sarah Muhlemann, Founder at SpyPi
  • Future-proofing your Security Awareness Programme
    Alison Crockford, Security Communications Manager at Bank of England
  • You Shape Security: Supporting the ingenuity of people
    NCSC Senior Sociotechnical Researcher

12:00 - 13:00

Networking Luncheon
Lunch is served onsite to maximize interaction and networking among attendees. If you finish lunch early, take a moment to review the show-n-tell tables.

13:00 - 14:30

Workshop - Fun / Cheeky Videos

Time to get those creative juices flowing and learn from a world expert how to make fun, cheeky videos that engage, with nothing more than your smartphone and your office.

Javvad Malik, Security Advocate at AlienVault

14:30 - 15:00

Tripping Upwards - Mistakes I've Made

Awareness as an established industry is still in the 'awkward toddler' phase, with many companies still being in the starting stages of their programs. It's great to celebrate and talk about our successes and what we've done well, but we are less inclined to tell each other where we've gone wrong, so I'm here to tell you about the SNAFUs, the mistakes, the stuff-ups, what I have learned from these, and why it benefits us all as a community to share our failures.

Louise Cockburn, Information Security Culture Manager at Old Mutual Wealth/Quilter

15:00 - 15:30

Networking Break: Drinks and snacks will be served. Have a moment?

15:30 - 16:00

Managing Your Security Awareness Career

I'm on my 3rd program build at my 3rd company. I've had anywhere from 3-6 manager changes at each company, often in less than 3 years. I've reported to people from the Director level to CISO and CIO. I'll take 20 minutes to tell you how to keep your Security Awareness ship on course through different managers and how to manage your career in the process. I'll provide stories and learnings along the way, as well as takeaways in the form of key questions to ask yourself during career decisions, building a career while surviving bad bosses, and four action items to keep the career you want moving forward.

Janet Roberts, Global Head of Security Awareness Education at Zurich Insurance

16:00 - 16:30

Show-n-Tell Winners Announced

Winners of the show-n-tell event will be announced. The winners will present on their materials, how they came up with and implemented the winning ideas, and the impact on security awareness as a result.

16:30 - 16:50

Closing Table Discussions

Each member of the table will share with everyone else one key learning from the day's agenda, and how they will apply that takeaway to their program when they get home. One person from each table will be appointed and then present their findings to the room.

16:50 - 17:00

Closing Remarks

Lance Spitzner (@lspitzner), Director at SANS Security Awareness