It’s Not Your Perimeter, It’s You That Sucks!

Presented at DerbyCon 2.0 Reunion (2012), Sept. 29, 2012, 11 a.m. (50 minutes)

At the Inaugural Derbycon, Boris Sverdlik struck a nerve with participants by claiming that ‘users’ need to ‘stop clicking shit’. That is well and dandy for catchphrases and pillow talk, but the ‘user’ continues to be a scapegoat for our own inabilities to educate and execute. The information security programs we are so heavily invested in are failing when it comes to security awareness training and addressing the needs of the people chartered with protecting your company’s assets. In response to the challenge issued during the presentation, a handful of brave, attractive, and sometimes intelligent people launched the Security Awareness Training Framework (SATF) with the explicit goal of establishing a free and open source living, industry-wide framework to provide practitioners the crucial components necessary to address security awareness at the proper context for the ‘user’, whomever the ‘user’ is. In this presentation, we will provide an update as to how the project has progressed after one year, where it is going, and provide information on how to get involved with this project.

Presenters:

• Boris Sverdlik
  Boris Sverdlik is a Senior Partner at Jaded Security Consulting. He is a Solutions-oriented Information security consultant with a proven record of directing a range of security initiatives; adhering to best practices and regulatory requirements. He have been at the forefront of information security spanning more than a decade. Boris has been on both sides of the fence, protecting assets as head of security within the financials as well as performing penetration tests as an external entity. The value I believe I bring to the table is that breadth of experience.He does defense during the day and offense at night. And he says he loves absolutely every minute of it. Boris is also a co-host of the ISDPodcast.
• Matt Jezorek
  Matt Jezorek is a security student who does not actually do anything. He thought about getting paper certified but decided that money was better spent on alcohol.
• K.C. Yerrid
  K.C. Yerrid is an independent consultant with a wide range of experience in information security, organizational behavior, and psychology. With his undergraduate degree in Computer Science, he can bang out a mean Turbo Pascal or COBOL program. With his Master’s Degree in Information Security Management (MISM) he can tell you what is wrong with an organization’s security department. With his Master’s Degree in Business Administration (MBA), he can forecast and explain how you don’t have enough money allocated to your security departments initiatives. Finally, upon his completion of his Doctorate in Organizational Management within Information Technology, he will be able to tell you why your staff is leaving for greener pastures or how to make them work smarter. K.C. has deferred his student loans nearly as far as he can by remaining an active student in studying the hands-off aspects of information security, yet is just curious and resourceful enough to remain semi-relevant amongst techies that are much smarter than he is.

Similar Presentations:

• Black Hat USA 2016 / Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness
• Black Hat USA 2018 / Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection
• Wild West Hackin' Fest 2019 / Campfire Stories - 15 minutes each