10 Reasons Your Security Education Program Sucks - Kris French Jr @Turtl3Up Bsides Cleveland 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

10 Reasons Your Security Education Program Sucks
Kris French Jr @Turtl3Up

"There's no patch for human stupidity." This phrase is used often and with prejudice. I say it's nothing more than an excuse. If users are truly our largest attack surface and a vulnerable ingress point to our environments, it's our job to secure them. And if that security is failing, it's our fault, not theirs. Security education doesn't have to be as hard as most make it out to be. I'll go over the 10 most common pitfalls I've seen in commercial and hand-rolled security education programs. Armed with this information, hopefully you can build a quality program of your own or at least make improvements to your existing one.

Kris is one of the founders of local information security group CleveSec, and serves on the board of the Northeast Ohio Information Security Forum (NEOISF). Kris works at a local software vendor where he helped to create and implement their first secure development and company-wide security culture initiatives.


Copyright 2016, IronGeek