Security Training: Making Your Weakest Link The Strongest - Aaron Hnatiw (Circle City Con 2017 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Security Training: Making Your Weakest Link The Strongest
Aaron Hnatiw

insp3ctre
Circle City Con 2017

It is a common joke amongst security professionals that the weakest link in any organization's security is the employees, the so-called "human element". The unfortunate part about this joke is that it's entirely accurate. The common approach to solving this problem is a combination of training and client-side security controls. Our security controls are often the first thing that we implement, but how often do we actually train our employees on security? The answer is: not often enough (if at all). This talk will cover how you can introduce security training into your organization, and once there, how to make it better. It will cover the common training methods currently available, how you can keep training engaging and fun, how often you should perform security training, and how to ensure that your employees have actually internalized the training material. After that, we will circle back to some specific examples from the speaker's professional experience that show where a properly trained employee could have halted an attack in its tracks. Yes, while it is often said that humans are the weakest link in any organization's security, with training they can become the strongest.

Aaron Hnatiw is a Senior Security Researcher for Security Compass, an information security advisory firm specializing in application security. He is a former professor of Application Security at Georgian College, as well as the founder of Inspectral Security, a security consulting company that provided customized red team and vulnerability assessment services to medium-sized businesses across a wide range of industries. Aaron's background has covered most areas of information technology: he has worked as a security consultant, system administrator, web and desktop application developer, and network security engineer. His current role involves researching information security issues across industries and developing innovative solutions to these problems. In his free time, Aaron writes open-source security tools and participates in the occasional hacking CTF from his home in Ontario, Canada.


Copyright 2020, IronGeek