How to Test a Security Awareness Program - Matt Perry

Learn how to effectively test and improve your organization's security awareness program in this comprehensive talk from AIDE 2018. Explore various aspects of security testing, including external assessments, network vulnerabilities, and physical penetration testing. Discover the importance of creating a security-conscious culture, understanding legal implications, and implementing practical measures like visitor management and lock screen policies. Gain insights into common attack vectors such as phishing emails, ransomware, and social engineering tactics. Examine controversial topics in password policies and device management. Walk away with actionable strategies to strengthen your organization's overall security posture and better protect against evolving cyber threats.

Introduction
Start from the outside
Know yourself
Google
Social Media Use
First Amendment
How hard are you defined
How many entry points are there
How hard is your network
Statistics
Three kinds of liars
Create a better culture
Physical penetration testing
Surveillance footage
Physical penetration test
Story time
What would have stopped these attacks
Visitors Law
Locks
Security Camera
Lock Screen
USB Autorun
Mission
Example
Dont click stuff
Email warning signs
The ransomware attack
Autoopen macro
Snail mail
Double blind
Password policy
Bills password
Password controversy
Users devices
Outro