The Inner Circle

  • 1.  Employee Centric Security Awareness & Training

    Posted Jul 27, 2021 03:00:00 PM
    Do you think companies actually care about educating their employees around Security Awareness or do you think they do it to check off the compliance requirement?

    ------------------------------
    Alexander Oddo
    Sr. Account Executive
    Hoxhunt
    ------------------------------


  • 2.  RE: Employee Centric Security Awareness & Training

    Posted Jul 27, 2021 04:11:00 PM
    A representation of why I imagine some companies decide to initiate security awareness training


    ------------------------------
    Olivia Rempe
    ------------------------------



  • 3.  RE: Employee Centric Security Awareness & Training

    Posted Aug 05, 2021 01:40:00 PM
    Edited by Olivia Rempe Aug 05, 2021 01:40:47 PM
    This article from Forbes reminded me of this question. Especially this quote: "The large army of the good guys is led by hapless, incompetent, unmotivated bureaucrats with meaningless certifications in this or that, consumed by building an audit trail showing that they've followed the ever-growing body of useless regulations so that when the nearly-inevitable security disaster happens, they can prove it wasn't their fault."

    https://www.forbes.com/sites/davidblack/2021/05/26/cyber-security-heres-why-the-bad-guys-are-winning/?sh=60f0e7c83061


    ------------------------------
    Olivia Rempe
    ------------------------------



  • 4.  RE: Employee Centric Security Awareness & Training

    Posted Aug 06, 2021 07:50:00 AM
    Let's be clear - without boxes to check they would be 100% focused on delivering value to customers.  But...I think they are genuinely interested in developing their workforce's skills for risk reduction and predictability - but then quickly become disengaged once they see what is out there for "security awareness".  Current content seems to be targeted to someone who has never used a computer before.

    CISO: You need security awareness training!
    CEO: great!
    CISO: go to this content full of cute videos or tropes and generic hand waving
    CEO: do you think I'm a 5 year old moron?
    KUBERNETES DEVOPS: iptables -A INPUT -s $cisoIpAddress -j DROP
    CISO: box checked!

    ------------------------------
    Robert Ficcaglia
    CTO
    SunStone Secure, LLC
    ------------------------------