It is a common joke amongst security professionals that the weakest link in any organizations security is the employees- the so-called "human element". The unfortunate part about this joke is that it's entirely accurate. The common approach to solving this problem is a combination of training and client-side security controls. Our security controls are often the first thing that we implement, but how often do we actually train our employees on security? The answer is- not often enough (if at all). This talk will cover how you can introduce security training into your organization, and once there, how to make it better. It will cover the common training methods currently available, how you can keep training engaging and fun, how often you should perform security training, and how to ensure that your employees have actually internalized the training material. After that, we will circle back to some specific examples from the speaker's professional experience that show where a properly trained employee could have halted an attack in its tracks. Yes, while it is often said that humans are the weakest link in any organization's security, with training they can become the strongest.

Aaron Hnatiw is a Senior Security Researcher for Security Compass, an information security advisory firm specializing in application security. He is a former professor of Application Security at Georgian College, as well as the founder of Inspectral Security, a security consulting company that provided customized red team and vulnerability assessment services to medium-sized businesses across a wide range of industries. Aaron??¦s background has covered most areas of information technology- he has worked as a security consultant, system administrator, web and desktop application developer, and network security engineer. His current role involves researching information security issues across industries, and developing innovative solutions to these problems. In his free time, Aaron writes open-source security tools, and participates in the occasional hacking CTF from his home in Ontario, Canada.

Back to Circle City Con 2017 Videos list