Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-015-Dr._Hend_Ezzeddine_and_finding_security_training_that_works.mp3
iTunes Link: https://itunes.apple.com/us/podcast/2016-015-dr.-hend-ezzeddine/id799131292?i=366936677&mt=2
Dr. Ezzeddine's slides from Bsides Austin (referenced during the interview): https://drive.google.com/file/d/0B-qfQ-gWynwiQnBXMnJVeko4M25pdk1Sa0JnMGJrZmltWlRr/view?usp=sharing
You open the flash animation, click click click, answer 10 security questions that your 5 year old could answer, get your certificate of completion... congratulations, you checked the compliance box...
But what did you learn in that training? If you can't remember the next day, maybe it's because the training failed to resonate with you?
Have you ever heard red team #pentester say that the weakest link in any business is not the applications, or the hardware, but the people? If they can't find a vulnerability, the last vulnerability is the people. One email with a poisoned .docx, and you have a shell into a system...
Targeted trainings, and the use of certain styles of #training (presentations, in-person, hand puppets, etc) can be more effective for certain groups. Also, certain groups should have training based on the threat they might be susceptible to...
Dr. Hend #Ezzeddine came by this week to discuss how she helps #organizations get people to understand security topics and concepts, to create a positive security culture. Maybe even a culture that will not click on that attachment...