The fact that nation-state actors and cyber criminals are targeting humans is not exactly breaking news to the Incident Response (IR) industry, and yet we have continually failed to cultivate the human element of security. Where have we gone wrong as an industry? In many cases, the IT department doesn’t see the security value in humans at all. If it does, security awareness takes the form of posters and mind-numbing training. It’s no surprise, then, that our efforts to improve behavior have failed. This presentation will discuss effective ways to train employees that will not only lower your organization’s risk profile, but also turn employees into intrusion detection sensors that save IR time and limit the damage caused by advanced threats.
- Understand the prevalence of phishing and current compromise techniques
- Why has security awareness been ineffective in changing behavior?
- Convert users into valuable assets aiding the incident response process
About Rohyt Belani

Rohyt has over a decade of experience in the information security industry, with prior roles including Co-founder & CEO of Intrepidus Group (acquired by NCC Group), Managing Director at Mandiant, Principal Consultant at Foundstone (acquired by McAfee), and Researcher at the Software Engineering Institute. He has served as an Adjunct Professor at Carnegie Mellon University and is a contributing author for Hack Notes – Network Security and for Extrusion Detection: Security Monitoring for Internal Intrusions.
Rohyt is a regular speaker at various industry conferences including the RSA Conference, Black Hat, OWASP, Hack in the Box, InfoSec World, and several forums catering to the FBI, US Secret Service, and US Military. He is also often called upon to provide commentary and analysis on cybersecurity issues for national print and broadcast media including The Wall Street Journal, BBC World News, The Washington Post, The Harvard Business Review, and ABC News.