Editor's Note: This is a guest Blog Post from Cheryl Conley, head of Lockheed Martin's Security Education and Awareness team. Lockheed is one of the most targeted (and phished) organizations in the world. Below is a short description of her talk on "Ramping Up Your Phishing Program" at the Security Awareness Summit 10 Sep in Dallas.
During this 45 minute interactive session, we'll take a look at the past 5 years of phishing at Lockheed, our strategy to include the initial baseline, diverse levels of difficulty, and lessons learned. I'll discuss our Undesired Action Rate (UAR) metrics, the great improvements in reporting and the trends we have been able to diagnose/craft awareness material around; and even some of our unique employee interactions and responses to our testing (Jury Duty and Traffic tickets come to mind!). Time permitting, test your knee jerk skills with “Click or No Click!” Not intended to be a technical discussion, attendees will instead take away concepts and tactics to deploy a phishing program or augment one currently in place. Additionally, while we've been very successful with our program, I continually contemplate effective improvements, when will we "hit the wall" on our UAR and how do we communicate this to our executive stakeholders? I'm looking forward to collaborating with those interested in moving the needle - or Ramping It Up!
Bio: Cheryl Conley has held the Sr. Manager position for the Security Education & Awareness Team in the Corporate Information Security organization for the past 6 years and recently also assumed the role of Business Area Information Security Officer. She started her career with the company in 1983, her past experience includes computer operations, customer service, systems engineering, and program support. She has participated in the creation of information security policies, operational readiness reviews, encryption technologies, and employee development. She has managed numerous successful teams to include The I Campaign, teaches several classes within CIS, and has a passion for the Security Awareness arena. She holds a Masters' degree in Information Technology, and obtained the CISSP in December 2005.