181
177 182
178 183
179 184
180 185
181 186
182 187
183 188
184 189
185 190
186 191
187 192
188 193
189 194
190 195
191 196
192 197
193 198
194 199
195 200
196 201
197 202
198 203
199 204
200 205
201 206
202 207
203 208
204 209
205 210
206 211
207 212
208 213
209 214
210 215
211 216
212 217
213 218
214 219
215 220
216 221
217 222
218 223
219 224
220 225
221 227
222 228
223 229
224 230
225 231
226 233
227 234
228 235
229 236
230 237
231 238
232 239
233 240
234 241
235 242
236 243
237 244
238 245
239 246
240 247
241 248
242 249
243 250
244 251
245 253
246 254
247 255
248 256
249 257
250 258
251 259
252 260
253 261
254 262
255 263
256 264
257 265
258 266
259 267
260 268
261 269
262 270
263 271
264 272
265 273
Introduction
Creating security awareness among users is much more difficult and complicated than just telling them, “Bad people will try to trick you. Don’t fall for their tricks.” Not only is that advice usually insufficient, but you also have to account for much more than just bad people tricking your users. People lose equipment. They frequently know what to do, but have competing priorities. They may just not care. Relying on the user knowing what to do is not a silver bullet that creates a true firewall. However, with the right plan and strategy, you can make a measurable difference in improving user behavior. This book puts you on the right path to creating effective security awareness programs that meaningfully reduce risk to your organization.
About This Book
I started my career in cybersecurity performing social engineering and penetration tests. I put together teams of former special forces officers and intelligence operatives, and we targeted companies as nation-states would. I focused on black bag operations, which often consist of clandestine activities such as lock picking or safecracking, and otherwise infiltrating protected facilities. I went undercover to infiltrate organizations and persuade users
