By Bruce Sussman
Wed | May 16, 2018 | 1:15 PM PDT

Sometimes you attend a webcast and you're sorry when it's over because the presenters really make you think.

That was the case in our May 16th web conference, "Securing the Human Layer," which came with a number of fresh perspectives on security awareness. Here are some key highlights.

[On-demand: Watch "Securing the Human Layer" and earn CPE credits]

Key takeaway #1: Think about users differently

Alexandra Panaretos, Practice Lead for Security Awareness and Training at Ernst & Young, feels strongly that InfoSec professionals should stop referring to users as "the weakest link" and instead flip the script and make them champions of security. Why? Because there are more of them, and their greater collective intelligence can help the IT security team.
“When we see mistakes, it’s a teachable moment," she says. "It's not an opportunity to scold them. Because really, we still need them."

Key takeaway #2: Sell your users on security as a service that your team provides

Julie Rinehart is an Information Security Advisor in the healthcare industry, and she's seen firsthand what happens if you don't tell employees, as if you were in cybersecurity public relations, that you are looking out for them.

"I’ve been in situations where people are not even aware they have a security awareness team," she says. “Sell security as a service within your organization by highlighting the benefits of them and the risks we’re protecting against.”

And she also shared this simple but powerful concept on security awareness:

How many times have we said things like this around the IoT? Now, apply it to humans: "Awareness should be baked in, not bolted on."

Key takeaway #3: Focus on creating secure behaviors

Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, says security awareness programs must guide end-users toward secure behaviors. What happens when technology fails or attackers go around the hardening you've done? We've seen the results.

“Humans are the thing attackers will turn to when the technology is too difficult to overcome or when we’re trying to speed access into a system.”

He believes we're finally emerging from an almost myopic focus on cybersecurity technology that has left organizations more vulnerable than they should be to the human factor.


He sums it up this way: "Technology is important but flawed... humans are flawed but important." Working together, they create a strong fabric of security for your organization. So start focusing more on security awareness.

These are just the highlights of the web conference; it is loaded with actionable items to improve your security awareness program and ultimately your success at defending your organization.

Watch "Securing the Human Layer" on-demand or pass it along to a member of your team. And thanks to our web conference presenters who did such a fantastic job.