Does your security defense stop at the firewall, antivirus, logging, auditing, and the IDS? Regardless of the size or complexity of your perimeter security if your user clicks on a malicious link or opens an infected file it could still be ‘game over’ for your network. One of the strongest defenses is knowledge and empowerment. In this talk, I will show you how we were able to get our executives, IT team, and all of our users excited about security. I will show you examples of how we convinced everyone in our organization that they are a part of the security defense team. I will show you what worked and what didn’t work when we implemented this in our organization. I’ll talk about how these techniques that I used in an organization of 70 employees can work at organizations of all sizes. I will give you practical tools to sell the idea to your boss, sell the idea to your IT team, and sell the idea to your users which will help you create a powerful user defense against attackers.
I am the Vice President of Information Systems and the Security Officer for a medical billing company in Illinois. I have 11 years of experience doing Application & Web Development; Security Implementation, Consulting, & Training (Blue Team); Federal Regulation and Compliance oversight in relation to Information Technology (HIPAA, HITECH, PCI); and managing a team of developers and IT professionals.