Training the Human Firewall: You're joking, right?

By Mark K.

Elevator Pitch

Cybersecurity awareness training has become grossly ineffective. Organizations use automated solutions that fail to engage end users but allow them to check the box for compliance requirements.

Description

Have you ever watched someone do their cybersecurity awareness training? I have. The window is minimized to the farthest corner of the screen, the headphones are on, and normal job tasks are being performed during “training.” The quiz at the end of the training is retaken over and over till a passing score is reached.

The sales technique of “Training the human firewall” is a phrase that makes you think that the automated service you’re buying is suddenly going to engage every end user on every level. It’s not. As someone who has worked on incident response teams, I’ve seen firsthand how automated cybersecurity awareness training platforms are failing organizations left and right. Bill in Marketing clicked on a link and entered his credentials. Sally from Accounting opened a malicious audio file that installed a malicious agent that utilizes Living Off the Land Binaries (LOLBins). Ad infinitum!

Re-engaging users on their level and in person is how we make a difference. A user cannot ask a video questions, and they are asking questions. However, by the time they can ask, they’re on the phone with a SOC Analyst having their computer triaged for an incident.

Notes

I have such a diverse work history that I have interacted with users at every level. From manufacturing to behavioral health to transportation and logistics, I’ve been the voice of reason when it comes to dealing with technology and people. It isn’t just the C-Suite or finance department that is being targeted; it’s everyone with an email address or phone.