Skip to main content

[Webinar] Security Awareness - Where Have We Gone Wrong?

 What does it take for people to enjoy their online, digital experience without getting scammed?

Hosted by Wizer's Chris Roberts, featuring Joanna Udo, Gabriel Friedlander, Ryan Cloutier, & Christopher Sant.*

Security is daunting; Even I think so, and I work here. How do we get influencers to care, chefs, marketing professionals, anyone who isn't us? How can we make cybersecurity accessible and not daunting, because it affects everybody?

Let's hit on the big points (the giant headers, and the quotes from the panel follow. Quotes are slightly paraphrased. I'm working on the journalistic integrity to keep it short while not bastardizing the answer.)

Try to connect to the audience. Get them to understand how serious security is without making it big and scary.


FRIEDLANDER: It's really about how do we communicate it, we have to make it personal.

UDO: We talk about Target being hacked, people lost something, credit card information was stolen, but people don't really connect to that.

That's true. I care because 

A) I'm about security, and 

B) I'm an avid Target shopper. Still! 

If I still consider the risk worth it to continue shopping there and I know what's happening, the ordinary user probably stopped caring years ago.


Cyber education has not kept up with the tech.

Yep. When I was growing up, there was a lot of 'online stranger danger' warnings and education. Look at sitcoms in the 90s where kids talked on giant towers, reading CRT monitors in IRC chat rooms and ended up in someone's basement. It seems that, with the rapid advancement of technology, education has not kept up.

Someone in the chat asked:

[w]hy is C suite not serious about security awareness? and how best to convince employee to embrace security awareness?

 

SANT: I think it's a different engagement approach - Showing a gamified experience where you split the board in two, half get to be the attacker, half get to be the defender, you pick cool hacker names.

(He encourage explaining reconnaissance activities - Show C-Suite members how much information about themselves - and their families - are out there. It makes sense. My thoughts are you can certainly get people to care if you have information that can be used to threaten their families).

UDO: We made security a thing we check off - 'Compliance'.  Why is it not part of someone's performance review? Nobody ever goes 'Dang, you have really, really bad security hygiene.'  We need to tie it more into everyday stuff.

Be Nice(r)

SANT: Security professionals get phished all the time, we're all humans. Bringing it down a level and not calling people 'the weakest link' is a good approach.

FRIEDLANDER: Emotions drive us to make decisions and act. If we cool down, we sleep overnight, we come back to it, we can, analytically, review what is going on. We're not emotionally affected anymore.

I am learning this. Sometimes, in 2020, I'll get annoyed at my mother asking me if every single thing she's doing on her phone is okay, is it safe, and I need to have more patience. Especially as she has found some cool tools I didn't know about. 

The fact that this is a valued skill in IT gives me hope.

Make things easier for people to understand.

CLOUTIER: If I make the user jump through 100 steps to use my product safely, I've lost them at step 3.

FRIEDLANDER: We have to think 'Will people share this?', and this is crucial in the mindset of a security context.

Screenshots. Arrows. Red circles in MS Paint. Clear instructions help.

That is part of why I am interested in giving UX feedback and website auditing - "If this is hard for me to understand, what about people who aren't 'techy'?" 

When people would approach me at the cell phone booth, asking "How do I get my email in this app and not this one.", part of me did ask if they had bothered to try or interact with the device. 

This was in 2013; Touchscreens were not rare. There's only one way to interface with the device, but it was still seen as scary. "What if I broke something? better take it to someone else." - and that wasn't even regarding security (Sort of - What kind of email app is this? Is it the stock Android/iOS one or a random one?)


wizer-training.com is available for your user-education needs. This was not a paid post. You can watch the panel here, and read more notes at that link.


I actually know the first 3 people! I'm sure the other two are great.

Comments

Popular posts from this blog

The Updated "What I'm Looking For In A Role" Post (2020)

Thank you for wanting to help with my job search! Here are some parameters.


Ideal:
Part time remote, text based support [Example Description]. It's a little far fetched, but the positions do exist. I enjoy having the flexibility to take on temporary projects from time to time!
Also; If anything sounds weird, out there, or unusual - Feel free to e-mail me. Doesn't have to be tech related. I just have to find it interesting and flexible.


Looking For This Type of Work:
Simplified writing about tech. [Example Job Description] You want to pay me to write more of *waves hand* this blog? I am game.
IT SupportUX Auditing [See Here]eCommerce merchandising [See Here]Email Marketing Specialist [Example Job Description]  ProofreadingThe following is what I was trained in. Roles will be considered, and I am looking to pivot to the above. Still part-time, contract, and/or temporary
Azure
Cisco routing and switching technician

Volunteering:
Find me on Jumpstart and CareerVillage.

Location:
Remote is…

Azure Networking Options - Core Cloud Services

I have done a lot of AWS things on here. Time to give Azure some attention. After all, since employers don't think Cisco or COMPTIA certifications are important, maybe Microsoft ones are?

First, let's really think about why these are the two biggest cloud services providers in the world:

They've been doing internet things for a long time.Amazon launched in 1995, a virtual bookstore.
Microsoft, well, you know. 

They've lived, breathed, and frankly, created, infrastructure that we use today, that they're selling to us today. Of course the Store of Everything and the Company of Everything would encourage us to put everything in their hands.

Also: Azure has a lot less silly names for modules. Important. I appreciate straightforwardness.


I said 'a lot less', not '100% sensible names'

Microsoft has a clear set of Azure Fundamentals that anyone can interact with. Let's talk about networking basics, basically to say, again, "Hi, employers, I have an …

Grace Hopper Celebration 2019 (GHC19)

From Aicha Evans' speech at the Keynote.
September 6th - I receive an email from Anita B Organization, saying "We read your application, we like your website, and here's a free ticket to GHC 2019 in Orlando, Florida!"


After a few more questions, it seemed everything was on the up and up, and so I accepted - and that's what this post is about!

For those who don't know, Grace Hopper Celebration is the largest gathering of Women in Technology in the world.

On a personal note, This is the first trip I've taken without my parents. Sure, they've left me behind to go on vacations, but I've never left them. I was totally worried! But you know what happened?

I met a lot of cool people in Orlando, learned a lot of neat things, and had a blast just walking around airports for upwards of 8 hours.

New Delta Sky Club on Wikimedia I really, really love airports! And I survived.

I know in the past, I've wormed my way out of jobs despite being interested simpl…