Part 1 of a 4-part series on building and maintaining a security awareness program, in support of Cybersecurity Awareness Month. #BeCyberSmart
I’ve been with Cofense for two and a half years now, interacting with several groups internally, but there are plenty of moments when I still get to chat with Awareness professionals. It’s in these moments that I realize there’s still some passion for helping others with their programs. I wrote this series early in my first few months of joining the organization and find these are still the recommendations I provide to others building or maturing their programs.
In 2011, I began my journey into security awareness. At that time, there were limited resources and most programs were still compliance-focused. Even though I had previously spent five years in IT compliance, I knew this wasn’t the right approach to get users to learn or care about security. I kept telling the director who owned the role, “Compliance focus is wrong – you have to market to the users.”
Seven years later, I have a few tips to share about creating a security awareness program. The first tip might sound obvious, but how many times have you seen it ignored? Make sure you have a strategy. And while you’re strategizing, remember to set some goals.