Lance Spitzner

Lance Spitzner has over 20 years of security experience in cyber threat research, security architecture and awareness training and is a SANS Senior Instructor. He helped pioneer the fields of deception and cyber intelligence with his creation of honeynets and founding of The Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries, and helped over 350 organizations build awareness programs to manage their human risk. He is also on the Board of Advisors for Attivo Networks. Lance is the author and an instructor for MGT433: Managing Human Risk: Mature Security Awareness Programs, and MGT521: Leading Cybersecurity Change: Building A Security-Based Culture, and built the SANS Security Awareness business unit from the ground up over the past 10 years. With the catalyst of COVID-19, Lance created multiple resources for securing humans from home, from those working remotely for the first time or managing newly remote teams, to children learning and playing online.

More About Lance

Profile

Before information security, Lance served as an armor officer in the Army's Rapid Deployment Force and subsequently earned his MBA from the University of Illinois. While getting his MBA he interned for a Unix consulting company where he developed his passion for network and systems technology. He quickly became involved in security by becoming the go-to person for anything firewall related. Security was very similar to his military service, his mission was to defend environments from the bad guys. For over 20 years now, Lance has been passionate about cybersecurity. For the first ten years his work was highly technical, including working as a security architect for Sun Microsystems helping secure Sun’s largest customers around the world. His specialties included network architecture, penetration testing, forensics, cyber intelligence, honeynets and system hardening. However, for the past decade, he has focused on the human side as he feels that is where the biggest gains in cybersecurity can be made. Security is not merely a technical challenge, it is also a human challenge. Lance, who is an innate helper and people-person, has always been fascinated with how the world of security and people impact each other.

The biggest challenge Lance tends to see is technical people trying to apply a technical solution to the human side of security. Managing human risk means you need to take a human approach to security. To be successful one needs to apply concepts such as motivation, behavior modeling, culture, engagement, learning theory and communication - a completely new set of soft skills that most technical people lack. Lance’s extensive background on both sides of the coin – technical and human – puts him in a unique position to bridge this gap.

Lance has taught with SANS for over two decades. In his own words: “First is SANS absolute commitment to quality, to providing the best training possible. Students and their experiences are the absolute priority. Second is SANS’ commitment to community, to ensuring that we work together to help others. These two values are the very core of why I'm excited to wake up every morning and help make a difference.”

Lance believes the key to success in teaching is enabling students to learn as much as possible from others. Because of this, Lance’s classes are as interactive as possible. While he feels he has a tremendous amount of knowledge and experiences to share, so do his students. He works hard to create a trusted environment where everyone feels comfortable sharing and learning from each other. Ultimately for us to be successful as a whole, we have to be a community that works together.

One of the greatest highlights of Lance’s career - and what he gets the most excited about - are the annual Security Awareness Summits. This is when a community of hundreds of security professionals come together to learn, share, and improve as a community. Lance absolutely loves the idea of others working together for a common cause, and this is what the Security Awareness Summits are all about. In many ways the summits are helping establish the roadmap and framework of how human risk will be managed for years to come.

Lance is a frequent presenter, serial tweeter and blogger, and works on numerous community security projects. When not in front of a computer, Lance enjoys anything that involves the outdoors and does NOT involve a command prompt, in particularly, woodworking, blacksmithing, hiking and beekeeping.

Listen to Lance teaching in his latest webcast "Leveraging Organizational Change to Build a Strong Security Culture".

ADDITIONAL CONTRIBUTIONS FROM LANCE SPITZNER:

WEBCASTS:

New Five Day Security Culture Course, Nov 2020

Leveraging the Security Awareness Planning Kit, July 2020

What Most Security Teams Don't Know But Should - Rethinking Human Risk Metrics, July 2020

Leveraging Organizational Change to Build a Strong Security Culture, June 2020

Making and Keeping Work at Home Operations Safe and Productive, May 2020

Security Leadership: Managing in Turbulent Times, presented by SANS Summits, May 2020

Driving Cybersecurity Change – Establishing a Culture of Protect, Detect and Respond Highlights, April 2020

Secure Video Conferencing - What to Train Your Workforce On, April 2020

Securing Your Kids Online, March 2020

Deployment Kit for Securing Your Workforce at Home, March 2020

Leading Change for CISOs, June 2019

For more webcasts prior to 2019, please refer to the SANS Webcast Archive.

PRESENTATIONS

Cybersecurity: The Human Perspective, SECURE 2019

Behind the Mask, RSAC 2019

PUBLICATIONS:

Security Your Remote Workforce: A Coronavirus Guide for Business

Honeypots: Tracking Hackers

Know Your Enemy

The 3 C's of Security Awareness

https://www.sans.org/security-awareness-training/blog

TOOLS & MORE:

SSA Work-From-Home Deployment Kit

Lance's Contributions