Managing Human Vulnerability with Reg Harnish | Phin Security | Phishing Training & Simulation

TL;DR

Explore the current state of security awareness programs, their shortcomings in managing human vulnerability, and potential solutions.

Transcript

so let me introduce start by introducing both of these fine people reg harness if you don't know him is a serial entrepreneur he is the founder and former cto of autotask he is a board member and advisor nationally recognized speaker and the founder of grey castle security and also the ceo of orbital fire that was a mouthful you've been doing a lot... Read More

Key Insights

• 👥 Reg Harness is a serial entrepreneur and cybersecurity expert, while Wes Spencer is nationally recognized and well-known in the cybersecurity field.
• 🔒 Building better relationships through security awareness programs can be challenging, as conversations with clients often become confrontational.
• 💡 The current state of security awareness programs is in its second generation, with a focus on connecting awareness training to psychology and cognitive bias.
• 📊 Tools for security awareness programs are evolving to automate processes, eliminate waste, and measure outcomes based on human behaviors.
• 💪 There has been progress in security awareness, but there is still a lot of work to be done, as seen in compliance and phishing testing fail rates.
• 🎯 The commitment and intent are present in the industry, but more effort is needed to improve security awareness programs.
• ⛓️ Managing human vulnerability is a crucial aspect of security awareness programs.
• 💬 The key challenge is finding effective ways to address human behavior and decision-making in relation to cybersecurity.

Questions & Answers

Q: What is the current state of security awareness programs?

The current state of security awareness programs can be considered as the second generation, where there is a focus on content, psychology, and human decision-making. However, there is still work to be done in automating processes, measuring outcomes, and addressing compliance and phishing testing failure rates.

Q: In what ways do security awareness programs fall short in managing human vulnerability?

Security awareness programs often fall short in managing human vulnerability by lacking automation, effective measurement of outcomes, and addressing compliance and phishing testing failure rates. This results in confrontational conversations and an inability to effectively address human weaknesses in cybersecurity.

Q: What progress has been made in security awareness programs?

Security awareness programs have made progress in terms of focusing on content, psychology, and human decision-making. However, there is still work to be done in terms of automation, outcome measurement, and addressing compliance and phishing testing failure rates.

Q: How can security awareness programs improve in the future?

Security awareness programs can improve in the future by further automating processes, implementing effective outcome measurement strategies, and addressing compliance and phishing testing failure rates. These improvements will help manage human vulnerability and build better relationships between clients and security providers.

Summary & Key Takeaways

• Security awareness programs have evolved from a primitive stage to a second generation focused on content, psychology, and human decision-making.

• While progress has been made, there is still a need to automate processes, measure outcomes, and address compliance and phishing testing failure rates.

• The conversation aims to discuss where security awareness programs fall short in managing human vulnerability and provide potential solutions.