OEConnection LLC, Company Confidential. Not for disclosure.
MICHAEL WOOLARD
http://wooly6bear.wordpress.com
Michael.Woolard@outlook.com
@WOOLY6BEAR
• @tottenkoph / @ben0xa – Derbycon
  o 2012: http://www.irongeek.com/i.php?page=videos/derbycon2/2-2-7-benjamin-mauch-creating-a-powerful-user-defense-against-attackers
  o 2015: http://www.irongeek.com/i.php?page=videos/derbycon5/teach-me02-pavlovian-security-how-to-change-the-way-your-users-respond-when-the-bell-rings-ben-ten-magen-wu
• Brandon Baker – 2015 Louisville InfoSec
  o http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2015/10-using-gamification-in-security-awareness-training-brandon-baker
• Katrina Rodzon – 2015 BSides Las Vegas
  o http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/cg03-how-portal-can-change-your-security-forever-katrina-rodzon
• Kris French – 2015 CONverge
  o http://www.irongeek.com/i.php?page=videos/converge2015/track212-10-reasons-your-security-education-program-sucks-kris-french-jr
• Org: ~335 employees
  o 275 in Richfield
• Technology: ~155
  o 117 in Richfield
  o 30 in Columbus
  o 8 in Poland
…enterprise app developers admit security is not a core priority.
…developers are not incentivized to make security a priority
53 percent of developers said they have used shortcuts or put temporary solutions in place in order to get their app out
November 10, 2015
http://www.scmagazine.com/report-half-of-developers-rush-apps-to-market-consumers-trust-security/article/452844/
[Chart: The Role of Security in Application Development. Percentage axis, 0 to 45%. Visible categories: What security?; After Production Deploy; At Developers Discretion]
https://www.sans.org/reading-room/whitepapers/analyst/survey-application-security-programs-practices-35150
https://www.sans.org/reading-room/whitepapers/analyst/2015-state-application-security-closing-gap-35942
“Think Like a Hacker”
The Human Element
> KNOWLEDGE= HACKING
hack·er /ˈhakər/
• INNOVATORS
• CHALLENGE AND CHANGE
JUST LOGIC APPLIED
Optimize the Mind
Problem Solvers
hack·er
/ˈhakər/
NIKOLA TESLA / ADA LOVELACE / STEVE WOZNIAK
Gene Kranz – Apollo 13 / Ed Harris
The Lecture is Dead as a Teaching Tool
- Bill Gardner / Valerie Thomas
Building an Information Security Awareness Program
Sept 9, 2015 – OWASP CLE
“Tools and Procedures for Securing .NET Applications”
• We Build .NET Web Applications
• OWASP Protects Web Applications
“That sounds great!”
“Thanks Mike, I will let you know who will be there”
AUGUST
SEPTEMBER 9th, 2015
ONE person from my company attended – Me.
“Perfectly falls in line with the other training you have been working on with the teams”
So Why Gaming?
Hack.Jam v1
Events / Games / Training - all month
• OWASP Top 10 Demo/Training
• OWASP Proactive Controls
• Screensaver Game
• Crypto Puzzles
• Lockpicking at Lunch
• (WIFI – Stolen Passwords)
Grand event held October 28th
• Main Event: Broken Web App CTF
• Locksport Tournament
• Mini Games (USB, Crypto)
• Social Engineering discussion
• Screensaver results
• Prizes / Candy / Popcorn!!
Mini Games
Winner : $10 Starbucks x3
y ensi DtlaW- nwonk reve
evah Ina mowyn a naht erom
esuoM yekci MevolI
Hint:
kcuDdl anoD => Donald Duck
Winner : $10 Starbucks
Answer:
I love Mickey Mouse more than any
woman I have ever known. -Walt Disney
DEFAULT USERNAME / PASSWORD
field training – security misconfiguration
Winner : $10 Starbucks
Winner : $10 Starbucks x3
The Games
Screensaver Game
Winner: $25 Amazon GC
2nd Place: $10 Subway / $10 Regal Cinema
• 312 submissions from 56 people
• 97 Individuals were caught
  o 80 people were nabbed between 1-5 times
  o 15 people were nabbed between 6-12 times
  o 2 people were nabbed 19 times
• 10 Managers were caught 29 times
• 3 Directors were caught 4 times
[Bar chart, vertical axis 0 to 60. Bar values: 57 45 24 26 30 19 9 9 10 6 3 4 10 2 10 18 15 5 9]
- Double the prizes
- Bumped $$
“So, Amanda and Jeremy just walked behind me into the executive kitchen and all of a sudden Jeremy yelled ‘oh no’ and literally raced by me and disappeared! Amanda and I thought something bad had happened … turned out he left his monitor on and raced back to turn it off per your instructions! When I questioned him he said he may be taking it to extremes and I said I thought that he was!! I told him you would be proud of him! You’ve created a monster – he said he loves games!”
LOCKSPORT
LockSport
2015 HACK.JAM LOCKSPORT COMPETITION
Zdenko
Zdenko 19.74
Prakash
Dinardo Dianrdo
Dinardo 24.43
Pascher Z
George Z
Luu 26.83
Luu Z
Bowser Bowser
Bowser 19.00
Ward (B.O.Y.) Bowser
Koch Luu
DQ -- 0:00
Somanna
WINNER: Z
2nd Place: Bowser
Winner: $25 Amazon GC
2nd Place: $10 Subway / $10 Regal
HACK.JAM CTF
OWASP http://www.owasp.org
OWASP iGoat Project
OWASP Bricks
OWASP Bywaf Project
OWASP Mutillidae 2 Project
OWASP SeraphimDroid Project
OWASP WebSpa Project
OWASP NINJA PingU Project
OWASP Encoder Comparison Reference Project
OWASP sqliX Project
OWASP Secure TDD Project
OWASP XSecurity Project
OWASP Pyttacker Project
OWASP HTTP POST Tool
OWASP iOSForensic
OWASP SonarQube Project
OWASP Rainbow Maker Project
OWASP JSEC CVE Details
OWASP WebGoat.NET
WebGoatPHP
OWASP ASIDE Project
OWASP ZSC Tool Project
• OWASP ZAP / (FoxyProxy)
• OWASP Security Shepherd
• bWAPP
• OWASP WebGoat
Survey Monkey
• 75% stayed the entire time
• 85% said they are interested in playing in a game next year after they didn’t this year
• 100% Do It Again!
• “definitely more engaging to learn about security through these events than through lectures. 10/10 would sign up again.”
WIN
2016
https://getkahoot.com https://kahoot.it
MICHAEL WOOLARD
http://wooly6bear.wordpress.com
Michael.Woolard@outlook.com
@WOOLY6BEAR

More Related Content

Viewers also liked

Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictionscentralohioissa
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprisecentralohioissa
 
Deral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail LaterDeral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail Latercentralohioissa
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directorscentralohioissa
 
Harry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get WorseHarry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get Worsecentralohioissa
 
Aaron Bedra - Effective Software Security Teams
Aaron Bedra - Effective Software Security TeamsAaron Bedra - Effective Software Security Teams
Aaron Bedra - Effective Software Security Teamscentralohioissa
 
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...centralohioissa
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Frameworkcentralohioissa
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...centralohioissa
 
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No ShoesCarolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoescentralohioissa
 
Jim Libersky: Cyber Security - Super Bowl 50
Jim Libersky: Cyber Security - Super Bowl 50Jim Libersky: Cyber Security - Super Bowl 50
Jim Libersky: Cyber Security - Super Bowl 50centralohioissa
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
 
Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Jerod Brennen
 
Bill Lisse - Communicating Security Across the C-Suite
Bill Lisse - Communicating Security Across the C-SuiteBill Lisse - Communicating Security Across the C-Suite
Bill Lisse - Communicating Security Across the C-Suitecentralohioissa
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016centralohioissa
 
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...centralohioissa
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
 
Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?centralohioissa
 
Gavin Hill - Lessons From the Human Immune System
Gavin Hill - Lessons From the Human Immune SystemGavin Hill - Lessons From the Human Immune System
Gavin Hill - Lessons From the Human Immune Systemcentralohioissa
 

Viewers also liked (19)

Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictions
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
 
Deral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail LaterDeral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail Later
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
 
Harry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get WorseHarry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get Worse
 
Aaron Bedra - Effective Software Security Teams
Aaron Bedra - Effective Software Security TeamsAaron Bedra - Effective Software Security Teams
Aaron Bedra - Effective Software Security Teams
 
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
 
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No ShoesCarolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes
 
Jim Libersky: Cyber Security - Super Bowl 50
Jim Libersky: Cyber Security - Super Bowl 50Jim Libersky: Cyber Security - Super Bowl 50
Jim Libersky: Cyber Security - Super Bowl 50
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
 
Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!
 
Bill Lisse - Communicating Security Across the C-Suite
Bill Lisse - Communicating Security Across the C-SuiteBill Lisse - Communicating Security Across the C-Suite
Bill Lisse - Communicating Security Across the C-Suite
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
 
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
 
Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?
 
Gavin Hill - Lessons From the Human Immune System
Gavin Hill - Lessons From the Human Immune SystemGavin Hill - Lessons From the Human Immune System
Gavin Hill - Lessons From the Human Immune System
 

Similar to Michael Woolard - Gamify Awareness Training: Failure to engage is failure to secure

4Developers 2015: Your role in the next release of "World" project! - Milen D...
4Developers 2015: Your role in the next release of "World" project! - Milen D...4Developers 2015: Your role in the next release of "World" project! - Milen D...
4Developers 2015: Your role in the next release of "World" project! - Milen D...PROIDEA
 
Moved to https://slidr.io/azzazzel/your-role-in-the-next-release-of-world-pro...
Moved to https://slidr.io/azzazzel/your-role-in-the-next-release-of-world-pro...Moved to https://slidr.io/azzazzel/your-role-in-the-next-release-of-world-pro...
Moved to https://slidr.io/azzazzel/your-role-in-the-next-release-of-world-pro...Milen Dyankov
 
Protecting Yourself from Cyber Threats
Protecting Yourself from Cyber ThreatsProtecting Yourself from Cyber Threats
Protecting Yourself from Cyber ThreatsRay Brannon
 
Top kids' gaming IPs
Top kids' gaming IPsTop kids' gaming IPs
Top kids' gaming IPsDubit
 
Iasi code camp 20 april 2013 playing buggy-bogdan-alecu
Iasi code camp 20 april 2013 playing buggy-bogdan-alecuIasi code camp 20 april 2013 playing buggy-bogdan-alecu
Iasi code camp 20 april 2013 playing buggy-bogdan-alecuCodecamp Romania
 
ConceitosInterativos_01
ConceitosInterativos_01 ConceitosInterativos_01
ConceitosInterativos_01 Plínio Okamoto
 
Mobile Learning v3 Teachers Workshop
Mobile Learning v3 Teachers WorkshopMobile Learning v3 Teachers Workshop
Mobile Learning v3 Teachers WorkshopDarren Kuropatwa
 
FreeForm: Reality Invaders
FreeForm: Reality InvadersFreeForm: Reality Invaders
FreeForm: Reality InvadersMatthew Guy
 
Bournemouth 10/13
Bournemouth 10/13Bournemouth 10/13
Bournemouth 10/13moongolfer
 
The Lovie Awards and Google present The Lovie Talks
The Lovie Awards and Google present The Lovie TalksThe Lovie Awards and Google present The Lovie Talks
The Lovie Awards and Google present The Lovie Talkslovieawards
 
Bogdan Alecu: Playing buggy Codecamp
Bogdan Alecu: Playing buggy CodecampBogdan Alecu: Playing buggy Codecamp
Bogdan Alecu: Playing buggy Codecampmsecnet
 
Os Nightingale
Os NightingaleOs Nightingale
Os Nightingaleoscon2007
 
UX Design, Friend of Foe #worldusabilityday
UX Design, Friend of Foe #worldusabilitydayUX Design, Friend of Foe #worldusabilityday
UX Design, Friend of Foe #worldusabilitydayJeremy Johnson
 
3D Vision Syndrome:A Technologically Induced Visual Impairment
3D Vision Syndrome:A Technologically Induced Visual Impairment3D Vision Syndrome:A Technologically Induced Visual Impairment
3D Vision Syndrome:A Technologically Induced Visual ImpairmentDominick Maino
 
David vs. GoliathVille: A Call to Arms for Social Game Designers
David vs. GoliathVille: A Call to Arms for Social Game DesignersDavid vs. GoliathVille: A Call to Arms for Social Game Designers
David vs. GoliathVille: A Call to Arms for Social Game DesignersScott Siegel
 

Similar to Michael Woolard - Gamify Awareness Training: Failure to engage is failure to secure (18)

4Developers 2015: Your role in the next release of "World" project! - Milen D...
4Developers 2015: Your role in the next release of "World" project! - Milen D...4Developers 2015: Your role in the next release of "World" project! - Milen D...
4Developers 2015: Your role in the next release of "World" project! - Milen D...
 
Moved to https://slidr.io/azzazzel/your-role-in-the-next-release-of-world-pro...
Moved to https://slidr.io/azzazzel/your-role-in-the-next-release-of-world-pro...Moved to https://slidr.io/azzazzel/your-role-in-the-next-release-of-world-pro...
Moved to https://slidr.io/azzazzel/your-role-in-the-next-release-of-world-pro...
 
Protecting Yourself from Cyber Threats
Protecting Yourself from Cyber ThreatsProtecting Yourself from Cyber Threats
Protecting Yourself from Cyber Threats
 
Top kids' gaming IPs
Top kids' gaming IPsTop kids' gaming IPs
Top kids' gaming IPs
 
Iasi code camp 20 april 2013 playing buggy-bogdan-alecu
Iasi code camp 20 april 2013 playing buggy-bogdan-alecuIasi code camp 20 april 2013 playing buggy-bogdan-alecu
Iasi code camp 20 april 2013 playing buggy-bogdan-alecu
 
ConceitosInterativos_01
ConceitosInterativos_01 ConceitosInterativos_01
ConceitosInterativos_01
 
Mobile Learning v3 Teachers Workshop
Mobile Learning v3 Teachers WorkshopMobile Learning v3 Teachers Workshop
Mobile Learning v3 Teachers Workshop
 
FreeForm: Reality Invaders
FreeForm: Reality InvadersFreeForm: Reality Invaders
FreeForm: Reality Invaders
 
Bournemouth 10/13
Bournemouth 10/13Bournemouth 10/13
Bournemouth 10/13
 
The Lovie Awards and Google present The Lovie Talks
The Lovie Awards and Google present The Lovie TalksThe Lovie Awards and Google present The Lovie Talks
The Lovie Awards and Google present The Lovie Talks
 
Bogdan Alecu: Playing buggy Codecamp
Bogdan Alecu: Playing buggy CodecampBogdan Alecu: Playing buggy Codecamp
Bogdan Alecu: Playing buggy Codecamp
 
Os Nightingale
Os NightingaleOs Nightingale
Os Nightingale
 
Getting The Word Out
Getting The Word OutGetting The Word Out
Getting The Word Out
 
UX Design, Friend of Foe #worldusabilityday
UX Design, Friend of Foe #worldusabilitydayUX Design, Friend of Foe #worldusabilityday
UX Design, Friend of Foe #worldusabilityday
 
3D Vision Syndrome:A Technologically Induced Visual Impairment
3D Vision Syndrome:A Technologically Induced Visual Impairment3D Vision Syndrome:A Technologically Induced Visual Impairment
3D Vision Syndrome:A Technologically Induced Visual Impairment
 
David vs. GoliathVille: A Call to Arms for Social Game Designers
David vs. GoliathVille: A Call to Arms for Social Game DesignersDavid vs. GoliathVille: A Call to Arms for Social Game Designers
David vs. GoliathVille: A Call to Arms for Social Game Designers
 
Real World Games-INBADD
Real World Games-INBADDReal World Games-INBADD
Real World Games-INBADD
 
Mobile Learning v3.6
Mobile Learning v3.6Mobile Learning v3.6
Mobile Learning v3.6
 

More from centralohioissa

Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Programcentralohioissa
 
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...centralohioissa
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access SystemsValerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systemscentralohioissa
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?centralohioissa
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...centralohioissa
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the Warcentralohioissa
 
Sean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a HospitalSean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a Hospitalcentralohioissa
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chaincentralohioissa
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNcentralohioissa
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiativescentralohioissa
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat IntelligenceEd McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligencecentralohioissa
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Casescentralohioissa
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
 
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...centralohioissa
 
Jon Gorenflo - Burp Collaborator
Jon Gorenflo - Burp CollaboratorJon Gorenflo - Burp Collaborator
Jon Gorenflo - Burp Collaboratorcentralohioissa
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Toolscentralohioissa
 

More from centralohioissa (19)

Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Program
 
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access SystemsValerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
 
Sean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a HospitalSean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a Hospital
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chain
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat IntelligenceEd McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligence
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
 
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C...
 
Jon Gorenflo - Burp Collaborator
Jon Gorenflo - Burp CollaboratorJon Gorenflo - Burp Collaborator
Jon Gorenflo - Burp Collaborator
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
 
Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Tools
 



Michael Woolard - Gamify Awareness Training: Failure to engage is failure to secure

  • 2. OEConnection LLC, Company Confidential. Not for disclosure. MICHAEL WOOLARD http://wooly6bear.wordpress.com Michael.Woolard@outlook.com @WOOLY6BEAR
  • 3. @tottenkoph / @ben0xa – Derbycon
       o 2012: http://www.irongeek.com/i.php?page=videos/derbycon2/2-2-7-benjamin-mauch-creating-a-powerful-user-defense-against-attackers
       o 2015: http://www.irongeek.com/i.php?page=videos/derbycon5/teach-me02-pavlovian-security-how-to-change-the-way-your-users-respond-when-the-bell-rings-ben-ten-magen-wu
     Brandon Baker – 2015 Louisville InfoSec
       o http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2015/10-using-gamification-in-security-awareness-training-brandon-baker
     Katrina Rodzon – 2015 BSides Las Vegas
       o http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/cg03-how-portal-can-change-your-security-forever-katrina-rodzon
     Kris French – 2015 CONverge
       o http://www.irongeek.com/i.php?page=videos/converge2015/track212-10-reasons-your-security-education-program-sucks-kris-french-jr
  • 6. Org: ~335 employees
       o 275 in Richfield
     Technology: ~155
       o 117 in Richfield
       o 30 in Columbus
       o 8 in Poland
  • 7. “…enterprise app developers admit security is not a core priority.”
     “…developers are not incentivized to make security a priority”
     “53 percent of developers said they have used shortcuts or put temporary solutions in place in order to get their app out”
     November 10, 2015, http://www.scmagazine.com/report-half-of-developers-rush-apps-to-market-consumers-trust-security/article/452844/
  • 8. [Bar chart: The Role of Security in Application Development. Horizontal axis: 0 to 45%. Categories shown: What security?; After Production Deploy; At Developers Discretion]
     Sources:
       o https://www.sans.org/reading-room/whitepapers/analyst/survey-application-security-programs-practices-35150
       o https://www.sans.org/reading-room/whitepapers/analyst/2015-state-application-security-closing-gap-35942
  • 9. “Think Like a Hacker”: The Human Element
  • 10. > KNOWLEDGE= HACKING hack·er /ˈhakər/ • INNOVATORS • CHALLENGE AND CHANGE JUST LOGIC APPLIED Optimize the Mind
  • 13. Gene Kranz – Apollo 13 (Ed Harris)
  • 14. “The Lecture is Dead as a Teaching Tool” - Bill Gardner / Valerie Thomas, Building an Information Security Awareness Program
  • 18. Sept 9, 2015 – OWASP CLE: “Tools and Procedures for Securing .NET Applications”
       o We Build .NET Web Applications
       o OWASP Protects Web Applications
  • 19. “That sounds great!”
     “Thanks Mike, I will let you know who will be there”
     AUGUST
     SEPTEMBER 9th, 2015
     ONE person from my company attended – Me.
     “Perfectly falls in line with the other training you have been working on with the teams”
  • 22. Hack.Jam v1
     Events / Games / Training - all month
       • OWASP Top 10 Demo/Training
       • OWASP Proactive Controls
       • Screensaver Game
       • Crypto Puzzles
       • Lockpicking at Lunch
       • (WIFI – Stolen Passwords)
     Grand event held October 28th
       • Main Event: Broken Web App CTF
       • Locksport Tournament
       • Mini Games (USB, Crypto)
       • Social Engineering discussion
       • Screensaver results
       • Prizes / Candy / Popcorn!!
  • 27. Winner : $10 Starbucks x3
  • 28. Puzzle: y ensi DtlaW- nwonk reve evah Ina mowyn a naht erom esuoM yekci MevolI
     Hint: kcuDdl anoD => Donald Duck
     Answer: I love Mickey Mouse more than any woman I have ever known. -Walt Disney
     Winner : $10 Starbucks
  • 29. DEFAULT USERNAME / PASSWORD field training – security misconfiguration Winner : $10 Starbucks
  • 30. Winner : $10 Starbucks x3
  • 32. Screensaver Game
     Winner: $25 Amazon GC
     2nd Place: $10 Subway / $10 Regal Cinema
       • 312 submissions from 56 people
       • 97 Individuals were caught
           o 80 people were nabbed between 1 - 5 times
           o 15 people were nabbed between 6 – 12 times
           o 2 people were nabbed 19 times
       • 10 Managers were caught 29 times
       • 3 Directors were caught 4 times
  • 33. [Bar chart, vertical axis 0 to 60; data labels in order: 57, 45, 24, 26, 30, 19, 9, 9, 10, 6, 3, 4, 10, 2, 10, 18, 15, 5, 9]
     Annotations: Double the prizes; Bumped $$
  • 35. “So, Amanda and Jeremy just walked behind me into the executive kitchen and all of a sudden Jeremy yelled ‘oh no’ and literally raced by me and disappeared! Amanda and I thought something bad had happened … turned out he left his monitor on and raced back to turn it off per your instructions! When I questioned him he said he may be taking it to extremes and I said I thought that he was!! I told him you would be proud of him! You’ve created a monster – he said he loves games!”
  • 37. LockSport: 2015 HACK.JAM LOCKSPORT COMPETITION
     [Tournament bracket, as extracted: Zdenko Zdenko 19.74 Prakash Dinardo Dinardo Dinardo 24.43 Pascher Z George Z Luu 26.83 Luu Z Bowser Bowser Bowser 19.00 Ward (B.O.Y.) Bowser Koch Luu DQ -- 0:00 Somanna]
     WINNER: Z
     2nd Place: Bowser
     Winner: $25 Amazon GC
     2nd Place: $10 Subway / $10 Regal
  • 44. OWASP iGoat Project; OWASP Bricks; OWASP Bywaf Project; OWASP Mutillidae 2 Project; OWASP SeraphimDroid Project; OWASP WebSpa Project; OWASP NINJA PingU Project; OWASP Encoder Comparison Reference Project; OWASP sqliX Project; OWASP Secure TDD Project; OWASP XSecurity Project; OWASP Pyttacker Project; OWASP HTTP POST Tool; OWASP iOSForensic; OWASP SonarQube Project; OWASP Rainbow Maker Project; OWASP JSEC CVE Details; OWASP WebGoat.NET; WebGoatPHP; OWASP ASIDE Project; OWASP ZSC Tool Project
  • 45.
       • OWASP ZAP / (FoxyProxy)
       • OWASP Security Shepherd
       • bWAPP
       • OWASP WebGoat
  • 47. Survey Monkey
       • 75% stayed the entire time
       • 85% said they are interested in playing in a game next year after they didn’t this year
       • 100% Do It Again!
       • “definitely more engaging to learn about security through these events than through lectures. 10/10 would sign up again.”
  • 50. OEConnection LLC, Company Confidential. Not for disclosure. MICHAEL WOOLARD http://wooly6bear.wordpress.com Michael.Woolard@outlook.com @WOOLY6BEAR
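
The crypto puzzle on slide 28 writes the quote backwards and moves the spaces, as its hint (kcuDdl anoD => Donald Duck) shows. The Python below is an added example, not part of the original deck: it grades a submission, re-inserts spaces using a small word list, and builds new puzzles for a similar game. The function names, the `WORDS` list and the seed are assumptions made for illustration.

```python
import random
import re

def letters(text):
    """Keep only letters: the puzzle moves spaces and drops some punctuation."""
    return re.sub(r"[^A-Za-z]", "", text)

def unscramble(puzzle):
    """Reverse the letter stream; the result is the answer without spaces."""
    return letters(puzzle)[::-1]

def check_answer(puzzle, guess):
    """Grade a submission regardless of spacing, case or punctuation."""
    return unscramble(puzzle).lower() == letters(guess).lower()

def segment(stream, words):
    """Re-insert spaces by dynamic programming over a word list.
    best[i] holds one split of stream[:i], preferring fewer (longer) words."""
    vocab = {w.lower() for w in words}
    longest = max(map(len, vocab))
    best = [None] * (len(stream) + 1)
    best[0] = []
    for end in range(1, len(stream) + 1):
        for start in range(max(0, end - longest), end):
            piece = stream[start:end]
            if best[start] is not None and piece.lower() in vocab:
                cand = best[start] + [piece]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return " ".join(best[-1]) if best[-1] is not None else None

def make_puzzle(plaintext, seed=0):
    """Build a new puzzle: reverse the letters, then scatter the same number of spaces."""
    rng = random.Random(seed)
    stream = letters(plaintext)[::-1]
    gaps = plaintext.strip().count(" ")
    cuts = sorted(rng.sample(range(1, len(stream)), gaps))
    parts = [stream[a:b] for a, b in zip([0] + cuts, cuts + [len(stream)])]
    return " ".join(parts)

# Puzzle and hint text copied from slide 28.
PUZZLE = "y ensi DtlaW- nwonk reve evah Ina mowyn a naht erom esuoM yekci MevolI"
HINT = "kcuDdl anoD"
# Constructed word list (assumption); it includes a few distractors on purpose.
WORDS = ["I", "love", "Mickey", "Mouse", "more", "than", "any", "woman", "have",
         "ever", "known", "Walt", "Disney", "Donald", "Duck", "a", "an", "man", "eve"]

if __name__ == "__main__":
    print(segment(unscramble(HINT), WORDS))
    print(segment(unscramble(PUZZLE), WORDS))
    print(make_puzzle("Lock your screen when you walk away", seed=7))
```

Because `check_answer` compares letters only, a submission is accepted whether or not it includes the period or the attribution dash.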

Editor's Notes

  2. It doesn’t have to be expensive. $10 here, $25 there. I gave away in total $290 between 16 prizes. I reached out to my HR and pulled some training and even budgets. I contacted a security organization in the Cleveland area, SecureState, and laid everything out. They were on board. Hack.Jam cost me about $600 to put on, not terrible. For some, doable if you budget. For others it is a drop in the bucket and you can get more and do it bigger.