Before information security, Lance served as an armor officer in the Army's Rapid Deployment Force and subsequently earned his MBA from the University of Illinois. While getting his MBA he interned for a Unix consulting company where he developed his passion for network and systems technology. He quickly became involved in security by becoming the go-to person for anything firewall related. Security was very similar to his military service, his mission was to defend environments from the bad guys. For over 20 years now, Lance has been passionate about cybersecurity. For the first ten years his work was highly technical, including working as a security architect for Sun Microsystems helping secure Sun’s largest customers around the world. His specialties included network architecture, penetration testing, forensics, cyber intelligence, honeynets and system hardening. However, for the past decade, he has focused on the human side as he feels that is where the biggest gains in cybersecurity can be made. Security is not merely a technical challenge, it is also a human challenge. Lance, who is an innate helper and people-person, has always been fascinated with how the world of security and people impact each other.
The biggest challenge Lance tends to see is technical people trying to apply a technical solution to the human side of security. Managing human risk means you need to take a human approach to security. To be successful one needs to apply concepts such as motivation, behavior modeling, culture, engagement, learning theory and communication - a completely new set of soft skills that most technical people lack. Lance’s extensive background on both sides of the coin – technical and human – puts him in a unique position to bridge this gap.
Lance has taught with SANS for over two decades. In his own words: “First is SANS absolute commitment to quality, to providing the best training possible. Students and their experiences are the absolute priority. Second is SANS’ commitment to community, to ensuring that we work together to help others. These two values are the very core of why I'm excited to wake up every morning and help make a difference.”
Lance believes the key to success in teaching is enabling students to learn as much as possible from others. Because of this, Lance’s classes are as interactive as possible. While he feels he has a tremendous amount of knowledge and experiences to share, so do his students. He works hard to create a trusted environment where everyone feels comfortable sharing and learning from each other. Ultimately for us to be successful as a whole, we have to be a community that works together.
One of the greatest highlights of Lance’s career - and what he gets the most excited about - are the annual Security Awareness Summits. This is when a community of hundreds of security professionals come together to learn, share, and improve as a community. Lance absolutely loves the idea of others working together for a common cause, and this is what the Security Awareness Summits are all about. In many ways the summits are helping establish the roadmap and framework of how human risk will be managed for years to come.
Lance is a frequent presenter, serial tweeter and blogger, and works on numerous community security projects. When not in front of a computer, Lance enjoys anything that involves the outdoors and does NOT involve a command prompt, in particularly, woodworking, blacksmithing, hiking and beekeeping.
Listen to Lance teaching in his latest webcast "Leveraging Organizational Change to Build a Strong Security Culture".
ADDITIONAL CONTRIBUTIONS FROM LANCE SPITZNER:
Leveraging the Security Awareness Planning Kit, July 2020
Securing Your Kids Online, March 2020
Leading Change for CISOs, June 2019
For more webcasts prior to 2019, please refer to the SANS Webcast Archive.
Cybersecurity: The Human Perspective, SECURE 2019
Behind the Mask, RSAC 2019
TOOLS & MORE: