I got more games than Milton Bradley: Incentivize a positive change in your security culture

BSidesLV 2017

Presented by: Drew Rose
Date: Wednesday July 26, 2017
Time: 14:30 - 14:55
Location: Proving Ground

Security awareness training is one of the last defenses to dastardly effective social engineering threats. Yet traditional vendor purchased security awareness training is largely ignored by the workforce and can merely serve to ensure compliance without reducing the risk substantially. In fact a 2016 Ponemon Institute survey found that 52% of interviewed organizations found their vendor purchased security training product ‘somewhat or not effective’. Using American Campus Communities, the nation's largest developer, owner and manager of high-quality student housing communities, as a case study, this presentation will demonstrate to session attendees the difference between informational videos and a security awareness gamification program. Attendees will hear obstacles we faced, what worked and what didn't as we introduced a range of interactive games, contests, and rewards to motivate users to buy in to following security protocols.

Drew Rose

Drew has a Bachelors of Science in Cybersecurity with a CISSP and a passion for building security programs and reducing risk. He has worked with institutions in the government, private and public sector. His specialty lies in understanding human behaviors and how emotions impact everyday decisions and he uses this knowledge to help organizations craft security awareness programs with impact. Having spent 8 years in the military Drew is a patriot and loves exploring his new home in Austin, Texas.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats