People / Phishing
The most efficient phishing attacks are precisely crafted messages that use our known psychological attributes against us, stimulating us to act against our own training and better judgment. Security Awareness writer Keil Hubert describes a mysterious email message that could... Read more
People / Process
Oh no! The users have learned about a terrible new cyber threat and want immediate guidance! What do you do? There are several options; the most challenging option requires to you to engage your users according to their varying levels... Read more
Privacy / Process
There’s no such thing as “perfect security” just like there’s no such thing as a “real” unicorn. Most people have come to accept these truths as they’ve matured. Some haven’t for whatever reason. As security professionals, we have a duty... Read more
Information Security / Process
Security training isn’t a one-to-one analogue for technical skills instruction, especially when you’re training non-technical people. Security trainers need to adjust their course designs and teaching method to account for the probability that some students don’t share a common reference... Read more
Culture / People
April Fools’ surprises can be a delight, making this the one day each year that security professionals don’t mind getting exposed to shocking content. The rest of the year, the sort of awfulness that arises in monitoring and investigations can... Read more
Information Security / People
Security is the art and science of protecting people. Sometimes, the “personnel security” subdiscipline involves defending people against environmental threats like irritating repetitive noise … from a public television. I’d like to share a personal opinion on workplace happiness: if... Read more
Culture / People
The most difficult security rules to obey are the ones that don’t seem to make a meaningful difference. When teaching people security skills, use humorous stories to help them remember why those skills are necessary and why disciplined, consistent application... Read more
People / Process
Well-written and well-understood rules help everyone in an organisation succeed and minimize unproductive conflict. Why, then, are so many security professionals reluctant to openly discuss what their rules are? Especially with brand-new hires? Rules are important. Regulators, auditors, and lawyers... Read more
People / Process
Good security depends on people responding properly to a wide range of cyber threats. To train people effectively, you first need some nuanced understanding about how and why people react strangely – or don’t react – to sudden treats. For... Read more
Culture / Process
Every organisational culture has unwritten rules for How Things Are Done. Leaders and trainers need to understand their own culture so that they can help new hires upgrade the ingrained habits and understandings that they’ve unconsciously carried forward from previous... Read more
Join our community of cyber professionals today!