Security Training: Making Your Weakest Link the Strongest

June 15, 2017

 

It is a common joke among security professionals that the weakest link in any organization’s security is the employees—the so-called “human element.” The unfortunate part about this joke is that it’s entirely accurate.

How do you solve this seemingly insurmountable problem? The best solution is a combination of training and client-side security controls. But while security controls are often the first thing an organization will implement, how often do we actually train our employees on security? The answer is: not often enough, if at all.

Recently, our Senior Security Researcher Aaron Hnatiw spoke at CircleCityCon 2017 about this problem. The recording of his talk below will cover how organizations can introduce security training into their operations, and once there, how to make training as effective and painless as possible. It will cover the common training methods currently available, how organizations can keep training engaging and fun, how often teams should perform security training, and how to ensure employees have actually internalized training material. After that, Aaron will circle back to some specific examples from his professional experience that show where a properly trained employee could have halted an attack in its tracks.

Yes, while it is often said that humans are the weakest link in any organization’s security, with the right training, they can become the strongest.

Watch the video and follow along with the slides below.

Video: https://www.youtube.com/watch?v=kqGn04dXgAY

Slides: https://www.slideshare.net/AaronHnatiw/security-training-making-your-weakest-link-the-strongest-circlecitycon-2017

Security Compass offers a variety of eLearning and instructor-led training options for large businesses with complex security needs. Our Software Security Champions program is a top-to-bottom solution that includes training with industry experts, hands-on workshops, regular seminars, and more. We also offer Secure Software Practitioner (SSP) eLearning suites with learning paths tailored to specific roles and the possibility of (ISC)² certification. Learn more about our eLearning options here and our Software Security Champions program here.

Aaron Hnatiw is a Senior Security Researcher at Security Compass. Follow him on Twitter @insp3ctre.

 

 
