Editor's Notes: Cheryl Conley is head of Lockheed Martin's Security Education and Awareness team. Lockheed is one of the most targeted (and phished) organizations in the world. Cheryl is one of the speakers for the upcoming EU Security Awareness Summit in London on 10 July. Below she discusses what her talk will be on and what you can learn from it.
During this interactive presentation "Marketable, Meaningful Metrics", Cheryl will provide an overview of Lockheed’s Ongoing Phishing Success Story. Cheryl’s team has been leading their organisation's phishing program for over 5 years, utilizing several “grades” of phishing e-mails, and leverages off real life scenarios that can trace back to incoming, suspicious e-mails.
Utilizing several “grades” of phishing e-mails, the team leverages off real life scenarios, comparing apples to apples that can trace back to incoming, suspicious e-mails. The testing continues to validate the effectiveness of the education and awareness efforts with a 55 percent improvement in employees taking the correct actions such as deleting the email and/or reporting to the Lockheed Martin Computer Incident Response Team. The program’s historical metrics allows for trending analysis and the ability to include testing metrics related to focus groups, high risk roles, generation, and years of service.
The implementation of progressive training and accountability processes provide the employee diverse means of learning. While more difficult to measure, there has been a very beneficial behavioral and culture change with employees reaching back asking pertinent questions and requesting additional information and resources. Session participants will walk away with the knowledge base to think strategically how you will move forward, setting the expectations to not only the stakeholders but all employees, reporting processes, lessons learned, and program enhancements. In addition, see how LM modified the JIT (Just in Time) page transitions based on employee behavior and feedback, along with a couple “good news” stories. Learn how Cheryl and her team have developed one of the most successful and mature phishing programs in the community.