Security Training: Making Your Weakest Link The Strongest presented at CircleCityCon 2017

by Aaron Hnatiw

Summary: It is a common joke amongst security professionals that the weakest link in any organization's security is the employees, the so-called "human element". The unfortunate part about this joke is that it's entirely accurate. The common approach to solving this problem is a combination of training and client-side security controls. Our security controls are often the first thing that we implement, but how often do we actually train our employees on security? The answer is: not often enough (if at all). This talk will cover how you can introduce security training into your organization, and once there, how to make it better. It will cover the common training methods currently available, how you can keep training engaging and fun, how often you should perform security training, and how to ensure that your employees have actually internalized the training material. After that, we will circle back to some specific examples from the speaker's professional experience that show where a properly trained employee could have halted an attack in its tracks. Yes, while it is often said that humans are the weakest link in any organization's security, with training they can become the strongest.