Overview
Explore effective strategies for developing human-centric cybersecurity defenses in this BSides Nashville 2018 conference talk. Delve into topics such as phishing, ransomware, and social engineering, while learning how to create impactful security awareness training programs. Discover the importance of moving beyond compliance-driven approaches and setting meaningful goals for your organization's cybersecurity efforts. Gain insights on leveraging nudge theory, designing relevant awareness programs, and measuring their effectiveness. Learn how to cultivate a security-conscious culture without resorting to public shaming, and explore valuable resources for enhancing your organization's human firewall.
Syllabus
Intro
About Erich
Before Ransomware
Phishing
Ransomware
Social Engineering
Email Phishing
The Norm
Security Awareness Training
Compliance is not Security
Setting Goals
Magic Wand Experiment
Messaging
Metrics
Endpoint Protection
Three Truths
Design Products
Awareness Program
Awareness Training
Relevance
Explicit Goals
Stages of Confidence
Nudge Theory
Reporting
Agenda
Don't publicly shame the users
Does it work
Resources