Welcome to another installment of the Cybersecurity Growth show, a blog, webcast, and podcast for aspiring and existing cybersecurity leaders. In this episode, Shawn and Garrett continue the discussion on Security Awareness Training.
For part 2 of our Security Awareness Training deep dive, we focused on three core areas:
1. Phishing Simulations
- Dos and Don’ts:
  - Avoid tactics that alienate your users (like cruel or overly tricky simulations).
  - Focus on educating rather than humiliating.
- Key Question: Do you really need expensive phishing simulation software? We explored budget-friendly alternatives and ways to roll out impactful training without breaking the bank.
2. Social Engineering
- Training Against SE Tactics: Teaching teams how to spot social engineering attempts is crucial.
- Real-world scenarios: We discussed SE’s role in major breaches and how to build robust resistance.
- Competitions: Social engineering competitions—what we can learn from red team exercises and events like DEF CON’s SE Village.
3. OPSEC (Operational Security)
- What is OPSEC?: Operational security isn’t just for military teams—it’s critical for everyday business.
- OSINT Training: We discussed ways to teach employees to avoid oversharing on LinkedIn (e.g., new hire photos, conference badge selfies) or posting vacation details that could expose them to physical and digital risks.
- The Donut Game: We highlighted creative ways to gamify security awareness and make OPSEC training stick.
For more insights on this topic, check out episode #22 of Cybersecurity Growth on YouTube, or listen to the podcast.
Tune in live every other week by following the account at Twitch.tv/CybersecurityGrowth
Subscribe in your favorite podcatcher: https://feeds.captivate.fm/cybersecurity-growth