I'm flying home after this year's European Security Awareness Summit and wanted to share my thoughts and experiences from the event while still fresh in my mind. Once a year, every year, we host a security awareness summit both in the United States and in Europe. The purpose of the awareness summits is to bring together the world's thought leaders and practitioners in security awareness and changing human behavior. We have two goals for each of these events.
- Provide the best speakers in the world who share actionable steps you can take to make both your job easier and your awareness program more effective. A key requirement for speakers is that they cannot focus on just theory; they have to share what they did in their own program and the lessons they learned.
- Maximize your time and opportunity to meet with, network and learn from others attending the event. We are all about community, and we want to be sure you are part of that community when you leave.
In addition to speakers we host a variety of other events to maximize learning and sharing. One of my favorites is show-n-tell. This is when attendees bring examples from their own awareness program to share with others, such as newsletters, posters and handouts. The teams from Bank of England, Fidelity and BBC were recognized for having the best / most creative materials. Finally, below is a list of each of the speakers with a highlight of what they talked about and key takeaways. You can find all of their slides from the Security Awareness Summit Archives page. We are already planning for 2017, with the next summit 2/3 August in Nashville, TN, and the European summit still to be determined. Hope you can join us for one of these high-impact, interactive events!
Speakers - In the order they presented.
Masha Sedova: Using Gamification to Transform Security Awareness
We started the event with a bang, bringing in the world's expert on gamifying awareness programs. If you have a mature awareness program and want to learn how to pump up the volume, Masha is your guide. Masha covered how Salesforce, a company of over 25,000 people, has gamified 5 key behaviors and the impact it is having. What is great is how her talk walked through the three key steps/stages to gamifying. Find all the details in her slides.

John Scott: Awareness With Impact
For such an old and stuffy sounding organization, Bank of England has a very dynamic and outgoing awareness program. John demonstrated why that is the case by focusing on where most awareness programs fail, the soft side. John covered three key areas where each awareness program can do better.

Lightning Talks
This year we tried something new, lightning talks. In this exciting hour, six presenters get ten minutes, and only ten minutes, each to share one powerful awareness initiative, idea, or best practice. This format jams tons of information into a short period of time. People loved the fast-paced nature of these talks, and they were a great chance for new speakers to try out their materials.
- Chris Boyd: Tackling CFO Fraud
- Leron Zinatullin: The Psychology of Information Security Culture
- Ido Naor: Social Media Malware: Tag Me If You Can
- David Rimmer: Lessons I learned from my dog
- Martine van de Merwe: Improve your results by applying accelerated learning
- Dr. Simon Parkin: Top Awareness Challenges and Solutions for SMEs

Jordan Schroeder: How to Combat the Hidden Bias that Kills Your Awareness Programme
Jordan did a fascinating job describing how near misses can harm how people approach cyber security. In other words, if they keep clicking on links and nothing bad happens, they are more likely to keep clicking on links. Jordan does a deep dive into the psychology behind it and how he recommends organizations counter it.

Dr. Jessica Barker: Three Ways Awareness Programs Fail
Jessica was not on the agenda as she originally could not make the event. However, she found time at the last minute and we asked her to stand up and speak. She rocked the house, focusing on how easy it was for security professionals to fall into the trap of thinking what they are saying is easier to understand, when no one else can understand a word they are saying.

Magnus Solberg: Building and Launching the First Iteration of Your High-Impact Security Culture Program
Not everyone has a mature or robust awareness program. Many people are starting at the very beginning and Magnus realized that, sharing the story of how he started his awareness program, the challenges he ran into and how he overcame them. If you are just starting your awareness program, be sure to review his slides; they are a wealth of information.

Per Thorsheim: Passwords Like You Never Knew Them Before!
Passwords are probably the best example of how our community has made security maddeningly frustrating. Security professionals are constantly bemoaning how people use weak passwords, but it's amazing just how few of these same security professionals realize they are the ones at fault: we have made passwords impossibly complex. Per did an amazing job jumping right in and cutting through all the noise, focusing on how to make passwords both very simple and secure for people. I almost jumped out of my seat in joy when he said "death to the 90 day password change!".