It is a common joke among security professionals that the weakest link in any organization’s security is the employees—the so-called “human element.” The unfortunate part about this joke is that it’s entirely accurate.
How do you solve this seemingly insurmountable problem? The best solution is a combination of training and client-side security controls. But while security controls are often the first thing an organization will implement, how often do we actually train our employees on security? The answer is: not often enough, if at all.
Recently, our Senior Security Researcher Aaron Hnatiw spoke at CircleCityCon 2017 about this problem. The recording of his talk below will cover how organizations can introduce security training into their operations, and once there, how to make training as effective and painless as possible. It will cover the common training methods currently available, how organizations can keep training engaging and fun, how often teams should perform security training, and how to ensure employees have actually internalized training material. After that, Aaron will circle back to some specific examples from his professional experience that show where a properly trained employee could have halted an attack in its tracks.
Yes, while it is often said that humans are the weakest link in any organization’s security, with the right training, they can become the strongest.
Watch the video and follow along with the slides below.
Security Compass offers a variety of eLearning and instructor-led training options for large businesses with complex security needs. Our Software Security Champions program is a top-to-bottom solution that includes training with industry experts, hands-on workshops, regular seminars, and more. We also offer Secure Software Practitioner (SSP) eLearning suites with learning paths tailored to specific roles and the possibility of (ISC)² certification. Learn more about our eLearning options here and our Software Security Champions program here.