How to Build Security Awareness Programs That Don’t Suck

This is the script of my talk at BruCON 0x09. You can find the video here: https://www.youtube.com/watch?v=40tUy6TNXM8; the slides are here: https://files.brucon.org/2017/006_Vlad_Styran_Security_Awareness_v3.pdf. Introduction Hi everyone. Thanks for coming. Before we...

Leveraging the Strongest Factor in Security (Part II)

Since I’ve written the first part of this post in May, several related articles have appeared in different well-known online resources. The most notable of them, in my opinion, is this piece on Fortune that is trying to bridge infosec and business as many tried (and...

Leveraging the Strongest Factor in Security (Part I)

In January 2013, Gary McGraw has written an excellent piece on 13 secure design principles that summarize the high level ideas any security engineer or architect should be familiar with in order to be called so. Dr McGraw is of course that smart gentlemen from Cigital...