
Simulcast MGT433 Session

Sat Sep 14 - Sun Sep 15, 2013 (US Pacific)
This event is over, but there are more training opportunities.

Securing The Human: Building and Deploying an Effective Security Awareness Program

Excellent material for security professionals wanting a deeper level of knowledge on how to implement security policies, procedures, and defensive mechanisms in an organization.

Brandon Smit, Dynetics

Great course for people starting into security essentials.

Alex Largie, Navajo Nation

Organizations have invested in information security for years now. Unfortunately, almost all of this effort has been focused on technology with little, if any, effort on the human factor. As a result, the human is now the weakest link. From RSA and Epsilon to Oak Ridge National Labs and Google, the simplest way for cyber attackers to bypass security is to target your employees. One of the most effective ways to secure the human is an active awareness and education program that goes beyond compliance and changes behaviors. In this challenging course you will learn the key concepts and skills to plan, implement, and maintain an effective security awareness program that makes your organization both more secure and compliant. In addition, you will develop metrics to measure the impact of your program and demonstrate value. Finally, through a series of labs and exercises, you will develop your own project and execution plan, so you can immediately implement your customized awareness program upon returning to your organization.

Course Syllabus

Lance Spitzner
Sat Sep 14th, 2013
9:00 AM - 12:15 PM US Pacific
1:30 PM - 5:00 PM US Pacific

CPE/CMU Credits: 6


  • Defining the elements of risk and their role in awareness
  • Why humans are so vulnerable and how cyber attackers exploit these vulnerabilities
  • Defining awareness, training, and education
  • Getting both management support and a budget
  • Determining strategic issues including: building a steering committee, documenting an awareness policy, developing overall goals, and identifying limitations
  • How to structure a large, enterprise solution that scales for multiple business units
  • How to build a modular program that can adapt to your organization's changing needs
  • Who - Identifying the different targets of your awareness program
  • What - Identifying and prioritizing the topics that will have both the greatest impact for your organization and ensure you are compliant
  • Creating and documenting lesson objectives for each of your topics

Lance Spitzner
Sun Sep 15th, 2013
9:00 AM - 12:15 PM US Pacific
1:30 PM - 5:00 PM US Pacific

CPE/CMU Credits: 6


  • How - Identify the most effective communication methods for your organization's culture
  • The two different communication methods: Primary and Reinforcement
  • The advantages, disadvantages, and what works for the two different primary methods: instructor led and computer based training
  • The options for deploying computer based training, and their advantages and disadvantages, including use of a Learning Management System (LMS)
  • Different reinforcement methods, including newsletters, posters, and screensavers
  • Leveraging imagery for your awareness program
  • How to present, including ten key steps to success and ten mistakes to avoid
  • Developing an execution plan and execution checklist
  • Designing and using metrics to track both the compliance and the impact of your program, including awareness assessments
  • Updating and improving your program

Additional Information

"The Who and What of training and awareness is just what I needed to take back home." - David Nix - Department of Energy

"Soup to nuts, this class covers the entire designing, building, deploying and measuring an effective security awareness program." - Chris Sorensen - GE Capital

  • Security awareness training officers
  • Chief Security Officers (CSOs) and security management
  • Security auditors, governance, and compliance officers
  • Training, human resources and communications staff
  • Organizations regulated by the Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), Family Educational Rights and Privacy Act (FERPA), Payment Card Industry Data Security Standard (PCI-DSS), ISO/IEC 27001, Sarbanes-Oxley Act (SOX), or any other compliance-driven standards.
  • Anyone responsible for planning, deploying, or maintaining an awareness program

Author Statement

After being actively involved in information security for over fifteen years, I have seen one constant factor: employees are the weakest link. What amazes me is so many people agree on this point, but so few organizations do anything about it. I'm determined to change that. I am extremely excited about Securing the Human, as we provide organizations the skills they need to build an effective awareness program and secure their employees. By securing the human, organizations will not only be fully compliant but be far more secure than they could ever be with just technology alone. - Lance Spitzner

Venue Information

  • World Wide Web
  • Secure Site Requires Login ID & Password
    Webcast Classroom Training,