A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Building a better user: Developing a security-fluent society - Rich Cassara Converge 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Building a better user: Developing a security-fluent society
Rich Cassara
@rjcassara

The quality of your security always boils down to the people in your organization. An executive clicking a link in a phishing email, a developer failing to sanitize an input field, or the front desk person letting an unscheduled maintenance worker through can all have disastrous results. These events keep repeating themselves because the people involved aren't fluent in security. Anyone can learn the "language of security", but like any foreign language becoming fluent requires either immersion or regular exposure at an early age. Using past techniques that have helped shaped modern society, I'll present some ideas that could lead to a future where the average person is more fluent in security -- and with employees that natively think about security, breaches may be fewer and further between.

Currently a DevOps curmudgeon.

@rjcassara.freeTime = 10;
$security_projects = [PoshSec, ShaDOS, Home_Lab];

If (@rjcassara.freeTime > 0) {
 @rjcassara.workOn($security_projects);
 }

for ($i=0;$i<@rjcassara.kids[].length;$i++){
  if (@rjcassara.kids[$i].age < 3){
   @rjcassara.freeTime = @rjcassara.freeTime - 6;
   }
  else if(@rjcassara.kids[$i].age < 6){
   @rjcassara.freeTime = @rjcassara.freeTime - 4;
   }
  else if(@rjcassara.kids[$i].age < 9){
   @rjcassara.freeTime = @rjcassara.freeTime - 2;
   }
}

print @rjcassara.freeTime;
> -2
Two-time recipient of an honorable mention in the annual SANS Holiday Hack



The quality of your security always boils down to the people in your organization. An executive clicking a link in a phishing email, a developer failing to sanitize an input field, or the front desk person letting an unscheduled maintenance worker through can all have disastrous results. These events keep repeating themselves because the people involved aren't fluent in security. Anyone can learn the "language of security", but like any foreign language becoming fluent requires either immersion or regular exposure at an early age. Using past techniques that have helped shaped modern society, I'll present some ideas that could lead to a future where the average person is more fluent in security -- and with employees that natively think about security, breaches may be fewer and further between.

Back to Converge 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast