Know Normal SANS DFIR Poster

Most security awareness training is focused on changing human behavior. People already know how to perform a specific skill; awareness simply teaches them how to perform it more securely, such as when using email. However, there are times when you need to teach people new skills. While not designed for awareness training, a new poster recently created by the SANS Forensics instructors fits the bill perfectly.

This two-sided poster, called "Know Normal - Find Evil", documents different ways a forensics expert can identify whether a system is compromised. While designed for forensic professionals, I feel this poster is a great resource for almost any IT admin, even if they have no security experience. The poster identifies system processes, accounts and activity that would be familiar to almost any IT admin. It then confirms what activity is normal and shows how to identify activity that would not be normal, indicating that the system they are working on is compromised.

Think about it: since your IT staff work with their systems on a daily basis, they can quickly identify compromised systems, becoming your first layer in detection and response. With a bit of awareness training you are going beyond just protection and developing "Human Sensors".

We will link the poster from the STH poster section, but for now you can download the poster directly from the link below. Download your copy of the poster now and be sure to share it with your co-workers and peers.

UPDATE 01: I just learned you can also order a printed copy online.