Challenges of a Security Awareness Manager, Finding Topics for Training

This week's edition features:

• Virtual Meetup Recap: General Discussion on Challenges and Solutions
• Finding Topics for Security Awareness Training with Gabriel Friedlander - Video & Rewrite
• Upcoming events for this week

Virtual Meetup Recap: General Discussion

Challenges & Solutions

• A challenge with doing external content for awareness training is integrating it to fulfill HR requirements and integrating to the LMS. It’s time-prohibitive to upload content for the employees to get credit through the system.
• Additionally, adding to the company LMS adds security awareness to the noise of all the other required trainings the company may have and thus reduce the effectiveness of the content.?
• One solution is to utilize other channels to push content out to employees and have participation on a voluntary basis - employees want to be safe and many are willing to come to events / consume content that is relevant to them (for home and work).?
• Dennis Legori’s team pushes content out to their Teams channel of Enterprise Defenders and holds monthly webinars on topics around home and work security. They include the SOC team in the channel which opens up opportunities for two-way conversations between the security team and the employees.
• As employees become more comfortable with identifying, reporting and engaging with the SOC team, Dennis has seen them take the lead in correctly mitigating threats with their external vendors as well; they’ve become natural ambassadors to both inside and outside the organization. Hear more here.
• One of the biggest roadblocks to establishing a proper security awareness program is there is currently no forum to address the gap in communicating to businesses how crucial security awareness is to the bottom line and business continuity; in making businesses (CEOs and the board) care about it.?
• If you’re looking for a ‘plug-n-play’ template to use in presenting a short presentation, check out Wizer’s short slides here and edit as you need.

Industry Happenings in Security Awareness

• ?It was noted Equifax VP of Security Awareness (VP!?!) will be presenting at SANS this year to speak about their cybersecurity transformation and the $1.5B investment with a 5 year roadmap. Look for “The Equifax Journey: A Guide to Human Risk Management”- At the end of this presentation, you'll walk away with actionable insights on how to build a measurable human risk management program.

The Role of SA Managers - The Ideal and the Current Reality

• Discussion shifted to the importance of a Security Awareness Manager while it is largely still under-recognized. The ideal SA role would be one at the Senior level that is cross-departmental with an understanding of people, business, and security.
• Currently, the SA manager is thought of typically as ‘the person who pushes the message of ‘think before you cli’ but it’s more than that. It has to be positioned as a Senior Executive position that talks to management and has access to the board because that role is responsible for the people across the organization.

As a SA Manager, what is the goal we want to achieve?

• To have a culture where the moment something goes wrong, people know how to contact the SOC and how to respond to minimize risk. To do that we need to:
• Define a process
• Train people on what that process is
• Measure the process success
• In short it’s building trust and communication

Community Interviews: Finding Topics for your Security Awareness Program with Gabriel Friedlander.

How do you decide on topics for your security awareness program? Gabriel Friedlander had many insights in last week’s interview - some stemming from his creativity and natural ability to think like a marketer.

As with most projects, first you need to think with the end in mind. What do you want to generate??

Watch or read the writeup here.

Resources:

Security Awareness Training Presentation: 25 slides to cover all the basics plus a bit more. Downloadble PDF to use as plug-n-play presentation, or customize to your needs!

Resource Hub for Awareness Managers: Crowdsourced from our community of security awareness managers, we are compiling PDFs, podcasts, book and articles, learning opportunities, and more around Security Awareness

Security Awareness Training Basics: A Guide

Upcoming Events This Week!

Tuesday, June 28 14:00-18:00 - LIVE at CyberWeek Israel! We’ll be doing ‘man on the street’ interviews with attendees at the CyberWeek Israel. If you’re there please find us in the Startup Exhibits and say hi!

Wednesday, June 29 (12:00-1:00 PM Eastern) - Family Webinar for Online Safety! See how to do a family webinar for your employees by attending one! Wizer's Gabriel Friedlander will be doing an interactive webinar for parents and their kids on staying safer online together! Register with your family here: https://webinars.wizer-training.com/online-safety-for-kids-and-teens?

Thursday, June 30 at 11:00 Eastern - Weekly Virtual Meetup with the SAM Community. Weekly virtual meet and greet with other members from our Security Awareness Manager (SAM) community. Each week we'll have a topic for conversation for you to discuss with other fellow security awareness managers. Send Ayelet HaShachar Penrod - the SAM Community Manager - a DM about the SAM Calendar invite along with the email you'd like added or get on our mailing list here.

Until next week!