I know that security awareness programmes are difficult to run, for a number of reasons. First, it can feel like herding cats to get people to adopt more secure behaviours (i.e. not clicking random links and attachments).
Second, the pressures from management, regulators, and auditors can make it feel like the failure of any one individual is your fault.
I have worked onsite with companies in the US, Canada, and the UK to implement and improve their security awareness programmes with teaching techniques I honed as an adult educator.
My approach is very different
My approach is very different from the norm because of my ability to draw from my wide range of work experiences, including: stage actor, singer, director, undertaker, tax preparer, and business owner.
I also designed and created what might be the world’s most advanced phishing engine: SelfPhish, which gives me insight into the particular problems organisations face when trying to teach secure behaviours.
Information Security is My Passion
But besides security awareness, I have a deep passion for information security, in general. I moderate Security StackExchange, the world’s premiere Q&A site for information security professionals. I hold the CISSP and CISM certifications, and was recognised as a “World Leading Exceptional Talent in the field of cyber security” by Tech City UK.
I’m an In-Demand Speaker
I have been invited to speak at a variety of security events and conferences about non-awareness topics for organisations such as ISACA, (ISC)2, The Business Continuity Institute, Fortinet, SANS, and presented with Rapid7 at RSAC 2016 in San Fransisco.