Save the Date for ISSA's Security Education and Awareness SIG webinar.
They Didn't Do What You Trained Them To Do? What Went Wrong?
Speaker: D. Cragin Shelton, DSc, CISSP, Lead INFOSEC Engineer / Scientist, The MITRE Corporation
You taught them what to do, how to do it, and why to do it. You even threw in some jokes and an XKCD cartoon to entertain and keep them awake. They completed the class exercises easily and passed the final quiz with no trouble. Then they went back to their jobs, and forgot everything. Or did they?
People don't follow infosec rules - we already know that, all too well. Do we really not train them well enough, or often enough? Or don’t we reward or punish them enough? I asked them, "Why?" No one else actually had asked. The answers tell us that the quality of training may not be the problem. One lesson - consider the workers' situations; teach them the policies in ways they can and will follow while getting their jobs done.
This talk is for infosec techies who want to be infosec leaders, making a real impact on security in the workplace. It's also for the leader who wants to be more than a pointy-haired boss, to help her people and manage operations for success and security. Infosec awareness and training is not the infosec program; it is only part of that program. Further, it should not stand alone; it must be integrated into the complete infosec program.
Dr. D. Cragin Shelton, CISSP, a Senior Member of ISSA, has over 17 years of information security experience and over 35 years of information systems experience. Currently with the MITRE Corporation, a not-for-profit in the public interest, his infosec efforts have included PKI, system risk assessment, network perimeter defense, supply chain risk management, and insider threat mitigation. He holds a doctorate in cybersecurity, a master's in systems management, and a bachelor's in chemistry. An experienced public speaker, Dr. Shelton has presented at national military leadership conferences; national technology conferences, including the National Information Systems Security Conference (NISSC) and the Systems & Software Technology Conference (SSTC); local professional societies such as ASQ; and local universities.
Please click here to register. After registering, you will receive a confirmation email containing information about joining the webinar.