Security Awareness Summit 2019

San Diego, CA | Mon, Aug 5 - Wed, Aug 14, 2019
This event is over, but there are more training opportunities.

Security Awareness Summit Agenda

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Day 00 - Tuesday, August 6
5:30-7:30 pm
Pre-Summit Meet and Greet

This optional session offers you the opportunity to meet and network with fellow attendees the night before the Summit kicks off. We highly recommend you attend if possible. In addition to free food and drinks, we will be hosting an interactive treasure hunt with an iPad as the top prize.

Day 01 - Wednesday, August 7
8:00-8:45 am
Registration and Coffee
8:45-9:00 am
Welcome, Introductions & Rules of Engagement

Lance Spitzner (@lspitzner), Director, SANS Security Awareness

9:00-9:20 am
Networking & Introductions

We know that the conversations among peers and the connections forged during these events are just as valuable as the talks. Kick off your day by getting to know the other attendees seated at your table and begin fostering those meaningful connections and exchanging ideas right away. Introduce yourself with your name, organization, industry, size of your organization, what you hope to get out of the summit, and one thing most people do not know about you. No more than two minutes per person.

9:20-9:30 am
Online Polling

We introduce you to what online polling is and how it works, then kick things off with a couple of fun polls.

9:30-10:10 am

Keynote: Latest Techniques in Hacking the Human

Jake Williams, Rendition Infosec; SANS Institute

Learn from the Incident Responder's perspective what the latest human-based attacks are, how bad guys are getting in, what they are doing once they are inside, and what their tools, tactics, and motivations are. Join us as world-renowned security expert Jake Williams shares the latest attacks he's seeing as he responds to some of the most fascinating and advanced cyber attackers on the planet.

10:10-10:30 am

Changing Culture: Lessons from Teaching Music

Jessica Chang, Robinhood Markets Inc.

Culture sets the guardrails for an organization's shared values, goals, and practices, and it defines the attitudes and behaviors practiced over time. Outside the working world, our cultures also shape our values, perspectives, and habits as individuals within families, schools, and communities. During this talk, Jessica Chang will highlight the lessons learned from being a professional musician and teacher that apply to our profession as security education and awareness practitioners. While the world of classical music may be distinct from information security, music teachers are similarly tasked with using different learning theories and equally responsible for cultivating a mindset of growth and building informed behaviors that turn into lasting habits. Like security practitioners, music teachers use observation, analysis of behavior, and goal-setting to drive intended results. Learn how to foster meaningful results for your organization by assessing your organization's culture of security, building complementary theories of learning for security, and designing a complementary hands-on curriculum to influence the formation of secure habits.

10:30-11:00 am Networking Break: Drinks and snacks will be served.
11:00-11:30 am

Using Appreciative Inquiry to Create a Network of Security Champions that Went Viral

Sarah Janes (@sarahkjanes), Layer 8

In 2016, 40 operational security employees were put in a room and asked to imagine a future where employees demonstrated proactive security behaviors. Three years later, the team has over 600 security champions, all volunteers. The network, known as Openreach, is able to demonstrate measurable changes in behavior and examples of real incident mitigation. This presentation will provide attendees with a step-by-step methodology to recruit, train, and sustain the momentum of champions, show how to use Appreciative Inquiry to engage stakeholders in self-determined change, and demonstrate how to use champions to measure behavioral change at the grassroots level (for example, what people are doing differently).

11:30-12:00 noon

Online Training Structure for Multi-generations

Dr. Brenda L. Ellis, NASA

Today's cyber workforce is composed of members of five defined generations: traditionalists, baby boomers, generation X, generation Y, and millennials. These multi-generationals are working together in a common setting and therefore must be trained in a manner that will effectively enhance knowledge and change behavior to reduce security risks in the workplace. Training such a diverse group across generations presents challenges in terms of different learning styles and educational practices, and those challenges only increase in online training. Learning is more effective when the learner is engaged and motivated. The ongoing question, then, is what is engaging to which learner? What motivates each generation? In answering these questions, this presentation will demonstrate the need for an integrated design solution for training. Attendees will gain a better understanding of the learning styles of each generation and see how to integrate effective training methods into risk-based cybersecurity training.

12:00-1:00 pm Networking Luncheon: Lunch is served onsite to maximize interaction and networking among attendees. If you finish lunch early, take a moment to review the show-n-tell tables.
1:00-3:00 pm

Tracks: Time to Choose! Select One of the Options Below:

  1. Beginner's Track

    This track is for people new to the world of security awareness. The aim is to help attendees by discussing the foundations of security awareness and basic approaches to it. Each speaker gets 25 minutes to present, followed by a panel with all of the speakers together to answer your questions.

    • Lessons Learned in Building an Award-Winning Phishing Program - Dennis Legori, TSYS
    • Security Awareness Recognition Program - Nicole Jacobs, USAA
    • Securing Leadership Support - Janet Roberts, Zurich Insurance
    • How to Use the Fogg Behavior Model, Nudge Theory, and More to Design Secure Behaviors - Perry Carpenter, KnowBe4
  2. Metrics CyberScore Workshop (Advanced) - Jon Smiley, Highmark Health Solutions

    This hands-on, interactive workshop is for more experienced awareness officers and/or those who work in more mature awareness programs. Already have your CBT and phishing program rolled out? Is senior leadership looking for more detailed and useful measurements of the impact of your program? Join Jon and his team as they walk you through how they built a security awareness metrics dashboard both for their overall organization as well as at the business unit level. Then, through a series of interactive labs, you will build your own metrics dashboard for your own organization.

3:00-3:30 pm Networking Break: Drinks and snacks will be served.
3:30-4:00 pm

The Creative Process Behind Fun, Low-Budget Videos

Video is one of the best visual tools you can use to convey complex information in an engaging way. But how do you actually make a video that is “engaging” in the first place? How do you come up with ideas for video content that would appeal to your audience? How do you make topics like cybersecurity consumable and entertaining? To be honest, it isn’t as hard as you might think. In this presentation I’ll showcase the creative process behind producing fun, budget-friendly videos and share surprising places to draw on for inspiration.

Jill Barclay, Dignity Health

4:00-5:00 pm

Security Awareness Video Wars

Volunteers will show short (no more than three minutes) security awareness videos they've developed for their security awareness programs. At the end of the video presentations you will be asked to vote on the videos you liked best and we will award the top winners. Videos will be shown in two categories: small budget (under $5,000) and big budget (over $5,000). After the videos and voting, we will ask the video submitters to sit down for an informal panel so that attendees can ask them questions.

5:00-5:15 pm

Closing Discussions at the Tables

Each person at a table will share with everyone else one key thing they learned from the day's agenda and how they plan to apply that takeaway to their program when they get home.

5:15-5:30 pm
Closing Remarks
6:00-8:00 pm
SANS Fiesta by the Bay

Join us for a taco and tequila fiesta at our Summit hotel, overlooking beautiful Mission Bay. We'll meet on the waterfront lawn for food, drinks, fun, and networking!

Day 02 - Thursday, August 8
8:00-8:45 am
Networking and Coffee
8:45-9:00 am
Day 02 Kick-Off and Coordination Items

Lance Spitzner (@lspitzner), Director, SANS Security Awareness

9:00-9:20 am
Introductions & Networking

For the second day of the Summit, please sit at a new table so you can meet, network, and interact with a whole new group of peers.

9:20-10:00 am

A Lesson in Survival: Transforming Culture by Preparing for a Crisis

Is your team prepared for the uncertainty and chaos of a security incident? How rapidly can your organization band together during a crisis? Who do you need to navigate a major security event and have you trained them to identify and support their stakeholders? In this talk, we will show how key personalities, including "fire fighters" and "bridge builders", emerge during the pandemonium of a major security event, and how these roles are core to the effectiveness of the security program long before a crisis ever happens. We will demonstrate how identifying, developing, and empowering these team members will allow you to not just survive a major event, but proactively build trust with your stakeholders and transform your security culture.

Adam Tice, Senior Vice President of Cybersecurity, Equifax

10:00-10:30 am

Partnerships & Collaboration

Alexandra Panaretos, EY

Having worked in different industries, entities of various sizes, and a range of environments as both a consultant and practitioner, Alexandra Panaretos has seen the good, bad, and ugly ways that companies approach security awareness. The consistent theme in great programs is the willingness to collaborate with groups outside of the security team. Partnerships with physical security, corporate communications, human resources, legal, and yes, even employee health, can help build your program into a holistic approach to securing the human. Examples of successful campaigns and paths to partnership will be showcased, as will be a few of the frequent mistakes teams make along the way.

10:30-11:00 am Networking Break: Drinks and snacks will be served.
11:00-12:00 noon

Special Events

SANS has seen a growing interest in special events, so this presentation will provide two different perspectives on this approach to awareness training. Following the talks by each presenter, we will have them come together on the stage to answer your questions.

  • How to Build Your Own Escape Room - Bob Hewitt (@infosecbobh) and Justin Perkins, Stellar Technology Solutions
  • Online Digital Scavenger Hunt: Engaging Security Awareness with Global Impact - Laney Cannon, Citrix Systems
12:00-1:00 pm Networking Luncheon: Lunch is served onsite to maximize interaction and networking among attendees. If you finish lunch early, take a moment to review the show-n-tell tables.
1:00-3:00 pm

Tracks: Time to Choose! Select One of the Options Below:

  1. OSINT Workshop

    At this hands-on, interactive workshop, you'll learn what open-source intelligence (OSINT) is, how it works, how you can use it in your awareness program, and even how to run an OSINT assessment of yourself. NOTE: Can't decide which course to take? SANS is also offering a full six-day course on OSINT right after the Summit.

  2. Communications & Engagement Track

    Each speaker gets 25 minutes to present their point of view and experiences on the same topic - communications / engagement. Following their talks, we will have all of the speakers come together on a panel to answer your questions.

    • Dashboard Confessions: Security Awareness Communication in Silicon Valley - Brooke Pearson, Uber
    • Shifting from FUD to Fun! How to Overcome Internal Obstacles for Program Success - Mary Dziorny (@revsec), Revolutionary Security
    • Cyber Agents for Change Leveraging Untapped Opportunities for Cybersecurity Awareness - Diane Desaulniers, Johnson & Johnson
3:00-3:30 pm Networking Break: Drinks and snacks will be served.
3:30-4:30 pm

Role-based Training Session

SANS is seeing a growing interest in role-based training that ensures that the right people get the right training and no more. As such, this presentation will provide you with two different perspectives on this approach to awareness training.

  • How Data-driven Personalized Journeys Are the Future of Security Training - Aika Sengirbay, AirBnB
4:30-5:00 pm

Show-n-Tell Winners Announced

Winners of the show-n-tell event will be announced, then make presentations about their materials, how they came up with and implemented the winning ideas, and the impact on security awareness as a result.

5:00-5:15 pm

Closing Table Discussions

Each person at a table will share with everyone else one key thing they learned from the day's agenda and how they plan to apply that takeaway to their program when they get home.

5:15-5:30 pm
Closing Remarks
Optional Day 03 - Friday, August 9

We are excited to announce a new event for the Security Awareness Summit: An optional third half-day! Yes, even more learning and interaction. Limited to only 160 people, this third day enables you to make the most of both the event and our amazing security awareness community.

8:00-8:45 am
Networking and Coffee
8:45-10:40 am

Learning Theory/Instructional Design

Jon Portzline and Kevin Bennet, SANS Institute

Spend the morning learning from several experts about the world of learning theory and instructional design. This hands-on workshop takes a deep dive as you develop learning objectives, leverage frameworks such as Bloom's Taxonomy, ARCS and ADDIE, and engage in interactive team labs to help develop your own learning plans. Learn the science behind adult learning and apply those lessons learned to your own awareness program.

10:40-11:00 am Networking Break: Drinks and snacks will be served.
11:00-12:00 noon

Birds of a Feather

Complete the day by interacting with and learning from your peers through a series of "Birds of a Feather" sessions. These are informal table meetings where subject-matter experts, speakers, and attendees lead group discussions on the topics of their choice, ranging from metrics to learning theory, phishing, Ambassador Programs, gaining leadership support, and more. Pick the topic you want, jump in, then share with your peers and learn from them!

12:00 noon

We wrap up the event at mid-day, allowing you to catch a flight home and still have time to spend your weekend with friends and family. What more could you ask for?