"There's no patch for human stupidity." This phrase is used often and with prejudice. I say it's nothing more than an excuse. If users are truly our largest attack surface and a vulnerable ingress point to our environments, it's our job to secure them. And if that security is failing, it's our fault, not theirs. Security education doesn't have to be as hard as most make it out to be. I'll go over the 10 most common pitfalls I've seen in commercial and hand-rolled security education programs. Armed with this information, hopefully you can build a quality program of your own or at least make improvements to your existing one.

Kris is one of the founders of local information security group CleveSec, and serves on the board of the Northeast Ohio Information Security Forum (NEOISF). Kris works at a local software vendor where he helped to create and implement their first secure development and company-wide security culture initiatives.

Back to Bsides Cleveland 2015 video list