10 Reasons Your Security Education Program Sucks

Discover 10 reasons why security education programs often fall short in this BSides Cleveland 2015 conference talk. Learn how to improve your organization's security training by addressing common pitfalls such as wasted training efforts, lack of managerial support, and ineffective presentation techniques. Explore strategies to make security education more engaging, including speaking the language of your audience, avoiding academic creep, and conveying the "cool factor" of cybersecurity. Gain insights on creating relatable content, incorporating hands-on exercises, and turning employees into ethical hackers. Understand the importance of metrics, quality content, and effective delivery methods to enhance retention and attention. By the end of this talk, you'll be equipped with practical tips to transform your security education program and strengthen your organization's weakest points.

Intro
Were only as strong as our weakest point
Hands up
Wasted training
You dont care enough
Showing up
Managers dont care
Work up front
Speak the language
Academic creep
Inside info
Encryption
Crosssite request forgery
What is your goal
You are a terrible speaker
How to find speakers
Find Your Voice
Your Slides AreRidiculous
Walls of Text
Bullets
White Background
Big Words
Pictures
PowerPoint
Computer Based Training
Quality Content
Content isnt relatable yet
QA needs to know the exploit
Top 10 CVT training
Expect attention and retention
Get some metrics
You treat training too much like work
Jason Street
You dont convey the cool
Turn your people into hackers
Contact me