Lance Spitzner: How To Secure The Human Operating System

SANS Institute training director, Lance Spitzner doesn't like the notion that humans are the weakest link in the security chain. Instead, he suggests that humans the primary attack vector for cyber criminals.

In an exclusive interview with Forbes to discuss National Cyber Security Awareness Month (NCSAM), a globally celebrated effort to spread awareness about cyber security, Spitzner spoke on how to improve security measures on what he calls the ‘human operating system.’

He describes that while it is everyone’s job to ensure online safety at work, organizations often lack the proper training on how to even execute online safety.

We’ve done nothing to secure the human, which means it’s really easy for the bad guys to attack the human element,” Spitzner explains to Forbes.

“If we want to secure the human element, we have to do two things. First, make cybersecurity simple. A perfect example of a behavior we have gotten horribly wrong is passwords…Second, we have to communicate in their terms, not ours. More than 80% of security awareness professionals have highly technical backgrounds. That’s great – they understand the problem – but that’s bad because they’re really bad at communicating the solution.”

Spitzner, a security awareness trainer for over two decades and a member of the Board of Directors for the National Cyber Security Alliance, mentions that most awareness officers can only dedicate a fraction of their time to security awareness training. To help save time, he has curated the National Security Awareness Month Planning Matrix and Toolkit. This instant download resource outlines daily activities and weekly customizable communication templates to help drive a cyber-secure organization.


SANS Security Awareness NCSAM 2018 CTA

Get the National Cyber Security Awareness Month Planning Matrix and Toolkit HERE


About Spitzner:

Lance Spitzner has over 20 years of security experience in cyber threat research, security architecture, awareness and training. He helped pioneer the fields of deception and cyber intelligence and founded the Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries and helped over 350 organizations build programs to manage their human risk. Lance is a frequent presenter, serial tweeter (@lspitzner ) and works on numerous community security projects. Mr. Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.

To read the full transcript of Spitzner’s Forbes interview, click here.