Two camps exist on the importance of Security Awareness in an organization. One camp feels it is a complete waste of time, money and effort to reduce a risk that will never be fully mitigated. The other camp feels it is crucial to securing a corporate environment, even though it will never be 100% effective. Many security awareness training programs concentrate on past breach scenarios or promote security policies, because as GI Joe would say…Knowing is half the battle. But is this the best way of promoting awareness?
This presentation will shed some light on the viewpoint of an organization versus the individual and how they differ. Knowing this will help you as a practitioner throw out the expensive 3rd party “Awareness” consultants and focus on what needs to be done. Changes will also be proposed to how different controls and education itself need to be re-evaluated.
- Shedding some light on the viewpoint of an organization versus the individual and how they differ
- Help you throw out the expensive 3rd party “Awareness” consultants and focus on what needs to be done
- Proposed changes on how different controls and education need to be re-evaluated
About Aaron Wampach
Dr. Aaron Wampach has been active in the field of technology for over 25 years. In the last 18 years, he has focused primarily on the area of information assurance. He holds several industry certifications: CISSP, GSEC, GCIH, CRISC and CISM. In his spare time he is an active member of the local information assurance community: he volunteers his time in the local ISSA chapter, is an ISSA International Fellow and a SANS mentor, and teaches various graduate-level cybersecurity classes.
His previous experience includes working or consulting for organizations ranging from numerous Fortune 500 companies to small start-ups. He has experience in several business verticals ranging from government and transportation to medical device manufacturing and healthcare. He is currently a manager of security engineering and a security architect for HealthPartners, and is also an adjunct associate professor at St Mary’s University.
About Perry Hemmingsen
Perry Hemmingsen has worked in information security for nine years. Before landing at Target, he was employed in the energy industry, healthcare/insurance and global finance. With a background in information security, data encryption and software development, his main focus is application security. In addition to technical savvy, Hemmingsen has heavy experience working with software developers and managers in creating and maintaining application security programs. Throughout his time in the industry, he has done everything from complex code reviews to designing corporate-wide policies and procedures for brand new AppSec programs.