OEConnection LLC, Company Confidential. Not for disclosure.
MICHAEL WOOLARD
http://wooly6bear.wordpress.com
Michael.Woolard@outlook.com
@WOOLY6BEAR
• @tottenkoph / @ben0xa – Derbycon
  o 2012: http://www.irongeek.com/i.php?page=videos/derbycon2/2-2-7-benjamin-mauch-creating-a-powerful-user-defense-against-attackers
  o 2015: http://www.irongeek.com/i.php?page=videos/derbycon5/teach-me02-pavlovian-security-how-to-change-the-way-your-users-respond-when-the-bell-rings-ben-ten-magen-wu
• Brandon Baker – 2015 Louisville InfoSec
  o http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2015/10-using-gamification-in-security-awareness-training-brandon-baker
• Katrina Rodzon – 2015 BSides Las Vegas
  o http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/cg03-how-portal-can-change-your-security-forever-katrina-rodzon
• Kris French – 2015 CONverge
  o http://www.irongeek.com/i.php?page=videos/converge2015/track212-10-reasons-your-security-education-program-sucks-kris-french-jr
• Org: ~335 employees
  o 275 in Richfield
• Technology: ~155
  o 117 in Richfield
  o 30 in Columbus
  o 8 in Poland
• …enterprise app developers admit security is not a core priority.
• …developers are not incentivized to make security a priority
• 53 percent of developers said they have used shortcuts or put temporary solutions in place in order to get their app out
November 10, 2015
http://www.scmagazine.com/report-half-of-developers-rush-apps-to-market-consumers-trust-security/article/452844/
The Role of Security in Application Development
[Chart, horizontal axis 0% to 45%. Categories: What security? / After Production Deploy / At Developers Discretion]
https://www.sans.org/reading-room/whitepapers/analyst/survey-application-security-programs-practices-35150
https://www.sans.org/reading-room/whitepapers/analyst/2015-state-application-security-closing-gap-35942
“Think Like a Hacker”
The Human Element
> KNOWLEDGE= HACKING
hack·er /ˈhakər/
• INNOVATORS
• CHALLENGE AND CHANGE
JUST LOGIC APPLIED
Optimize the Mind
Problem Solvers
hack·er
/ˈhakər/
NIKOLA TESLA / ADA LOVELACE / STEVE WOZNIAK
Gene Kranz – Apollo 13 / Ed Harris
The Lecture is Dead as a Teaching Tool
- Bill Gardner / Valerie Thomas
Building an Information Security Awareness Program
Sept 9, 2015 – OWASP CLE
“Tools and Procedures for Securing .NET Applications”
• We Build .NET Web Applications
• OWASP Protects Web Applications
“That sounds great!”
“Thanks Mike, I will let you know who will be there”
AUGUST
SEPTEMBER 9th, 2015
ONE person from my company attended – Me.
“Perfectly falls in line with the other training you have been working on with the teams”
So Why Gaming?
Hack.Jam
v1
Events / Games / Training - all month
• OWASP Top 10 Demo/Training
• OWASP Proactive Controls
• Screensaver Game
• Crypto Puzzles
• Lockpicking at Lunch
• (WIFI – Stolen Passwords)
Grand event held October 28th
• Main Event: Broken Web App CTF
• Locksport Tournament
• Mini Games (USB, Crypto)
• Social Engineering discussion
• Screensaver results
• Prizes / Candy / Popcorn!!
Mini Games
Winner : $10 Starbucks x3
y ensi DtlaW- nwonk reve
evah Ina mowyn a naht erom
esuoM yekci MevolI
Hint:
kcuDdl anoD => Donald Duck
Winner : $10 Starbucks
Answer:
I love Mickey Mouse more than any woman I have ever known. -Walt Disney
DEFAULT USERNAME / PASSWORD
Field training – security misconfiguration
Winner : $10 Starbucks
Winner : $10 Starbucks x3
The Games
Screensaver Game
Winner: $25 Amazon GC
2nd Place: $10 Subway / $10 Regal Cinema
• 312 submissions from 56 people
• 97 Individuals were caught
o 80 people were nabbed between 1-5 times
o 15 people were nabbed between 6-12 times
o 2 people were nabbed 19 times
• 10 Managers were caught 29 times
• 3 Directors were caught 4 times
[Chart, vertical axis 0 to 60. Bar values: 57, 45, 24, 26, 30, 19, 9, 9, 10, 6, 3, 4, 10, 2, 10, 18, 15, 5, 9]
- Double the prizes
- Bumped $$
“So, Amanda and Jeremy just walked behind me into the executive kitchen and all of a sudden Jeremy yelled ‘oh no’ and literally raced by me and disappeared! Amanda and I thought something bad had happened … turned out he left his monitor on and raced back to turn it off per your instructions! When I questioned him he said he may be taking it to extremes and I said I thought that he was!! I told him you would be proud of him! You’ve created a monster – he said he loves games!”
LOCKSPORT
LockSport
2015 HACK.JAM LOCKSPORT COMPETITION
Zdenko
Zdenko 19.74
Prakash
Dinardo Dinardo
Dinardo 24.43
Pascher Z
George Z
Luu 26.83
Luu Z
Bowser Bowser
Bowser 19.00
Ward (B.O.Y.) Bowser
Koch Luu
DQ -- 0:00
Somanna
WINNER: Z
2nd Place: Bowser
Winner: $25 Amazon GC
2nd Place: $10 Subway / $10 Regal
HACK.JAM CTF
OWASP http://www.owasp.org
OWASP iGoat Project
OWASP Bricks
OWASP Bywaf Project
OWASP Mutillidae 2 Project
OWASP SeraphimDroid Project
OWASP WebSpa Project
OWASP NINJA PingU Project
OWASP Encoder Comparison Reference Project
OWASP sqliX Project
OWASP Secure TDD Project
OWASP XSecurity Project
OWASP Pyttacker Project
OWASP HTTP POST Tool
OWASP iOSForensic
OWASP SonarQube Project
OWASP Rainbow Maker Project
OWASP JSEC CVE Details
OWASP WebGoat.NET
WebGoatPHP
OWASP ASIDE Project
OWASP ZSC Tool Project
• OWASP ZAP / (FoxyProxy)
• OWASP Security Shepherd
• bWAPP
• OWASP WebGoat
Survey Monkey
 75% stayed the entire time
 85% said they are interested in playing in a game
next year after they didn’t this year
 100% Do It Again!
 “definitely more engaging to learn about security
through these events than through lectures. 10/10
would sign up again.”
WIN
2016
https://getkahoot.com https://kahoot.it
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 

Último (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Michael Woolard - Gamify Awareness Training: Failure to engage is failure to secure

  • 1.
  • 2. OEConnection LLC, Company Confidential. Not for disclosure. MICHAEL WOOLAR http://wooly6bear.wordpress.com Michael.Woolard@outlook.com @WOOLY6BEAR
  • 3.
      • @tottenkoph / @ben0xa – Derbycon
          o 2012: http://www.irongeek.com/i.php?page=videos/derbycon2/2-2-7-benjamin-mauch-creating-a-powerful-user-defense-against-attackers
          o 2015: http://www.irongeek.com/i.php?page=videos/derbycon5/teach-me02-pavlovian-security-how-to-change-the-way-your-users-respond-when-the-bell-rings-ben-ten-magen-wu
      • Brandon Baker – 2015 Louisville InfoSec
          o http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2015/10-using-gamification-in-security-awareness-training-brandon-baker
      • Katrina Rodzon – 2015 BSides Las Vegas
          o http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/cg03-how-portal-can-change-your-security-forever-katrina-rodzon
      • Kris French – 2015 CONverge
          o http://www.irongeek.com/i.php?page=videos/converge2015/track212-10-reasons-your-security-education-program-sucks-kris-french-jr
  • 4. 4
  • 5. OEConnection LLC, Company Confidential. Not for disclosure. 5
  • 6.
      • Org: ~335 employees
          o 275 in Richfield
      • Technology: ~155
          o 117 in Richfield
          o 30 in Columbus
          o 8 in Poland
  • 7. …enterprise app developers admit security is not a core priority. …developers are not incentivized to make security a priority 53 percent of developers said they have used shortcuts or put temporary solutions in place in order to get their app out November 10, 2015 http://www.scmagazine.com/report-half-of-developers-rush-apps-to-market-consumers-trust-security/article/452844/
  • 8. The Role of Security in Application Development [bar chart, percentage axis from 0 to 45%; visible categories: What security? / After Production Deploy / At Developers Discretion] https://www.sans.org/reading-room/whitepapers/analyst/survey-application-security-programs-practices-35150 https://www.sans.org/reading-room/whitepapers/analyst/2015-state-application-security-closing-gap-35942
  • 9. “Think Like a Hacker” The Human Element
  • 10. > KNOWLEDGE= HACKING hack·er /ˈhakər/ • INNOVATORS • CHALLENGE AND CHANGE JUST LOGIC APPLIED Optimize the Mind
  • 13. Gene Kranz – Apollo 13 (Ed Harris)
  • 14. The Lecture is Dead as a Teaching Tool - Bill Gardner / Valarie Thomas Building an Information Security Awareness Program
  • 15.
  • 16.
  • 17.
  • 18. Sept 9, 2015 – OWASP CLE “Tools and Procedures for Securing .NET Applications”
      • We Build .NET Web Applications
      • OWASP Protects Web Applications
  • 19. “That sounds great!” “Thanks Mike, I will let you know who will be there” AUGUST SEPTEMBER 9th, 2015 ONE person from my company attended – Me. “Perfectly falls in line with the other training you have been working on with the teams”
  • 20.
  • 22. Hack.Jam v1
      Events / Games / Training - all month
      • OWASP Top 10 Demo/Training
      • OWASP Proactive Controls
      • Screensaver Game
      • Crypto Puzzles
      • Lockpicking at Lunch
      • (WIFI – Stolen Passwords)
      Grand event held October 28th
      • Main Event: Broken Web App CTF
      • Locksport Tournament
      • Mini Games (USB, Crypto)
      • Social Engineering discussion
      • Screensaver results
      • Prizes / Candy / Popcorn!!
  • 23.
  • 24.
  • 25. 25
  • 27. Winner : $10 Starbucks x3
  • 28. y ensi DtlaW- nwonk reve evah Ina mowyn a naht erom esuoM yekci MevolI Hint: kcuDdl anoD => Donald Duck Winner : $10 Starbucks Answer: I love Mickey Mouse more than any woman I have ever known. -Walt Disney
  • 29. DEFAULT USERNAME / PASSWORD field training – security misconfiguration Winner : $10 Starbucks
  • 30. Winner : $10 Starbucks x3
  • 32. Screensaver Game
      Winner: $25 Amazon GC
      2nd Place: $10 Subway / $10 Regal Cinema
      • 312 submissions from 56 people
      • 97 Individuals were caught
          o 80 people were nabbed between 1 – 5 times
          o 15 people were nabbed between 6 – 12 times
          o 2 people were nabbed 19 times
      • 10 Managers were caught 29 times
      • 3 Directors were caught 4 times
  • 33. [Chart; axis and series labels not recoverable] - Double the prizes - Bumped $$
  • 34.
  • 35. “So, Amanda and Jeremy just walked behind me into the executive kitchen and all of a sudden Jeremy yelled ‘oh no’ and literally raced by me and disappeared! Amanda and I thought something bad had happened … turned out he left his monitor on and raced back to turn it off per your instructions! When I questioned him he said he may be taking it to extremes and I said I thought that he was!! I told him you would be proud of him! You’ve created a monster – he said he loves games!”
  • 37. LockSport 2015 HACK.JAM LOCKSPORT COMPETITION Zdenko Zdenko 19.74 Prakash Dinardo Dianrdo Dinardo 24.43 Pascher Z George Z Luu 26.83 Luu Z Bowser Bowser Bowser 19.00 Ward (B.O.Y.) Bowser Koch Luu DQ -- 0:00 Somanna WINNER: Z 2nd Place: Bowser Winner: $25 Amazon GC 2nd Place: $10 Subway / $10 Regal
  • 38.
  • 40.
  • 41.
  • 42.
  • 44.
      • OWASP iGoat Project
      • OWASP Bricks
      • OWASP Bywaf Project
      • OWASP Mutillidae 2 Project
      • OWASP SeraphimDroid Project
      • OWASP WebSpa Project
      • OWASP NINJA PingU Project
      • OWASP Encoder Comparison Reference Project
      • OWASP sqliX Project
      • OWASP Secure TDD Project
      • OWASP XSecurity Project
      • OWASP Pyttacker Project
      • OWASP HTTP POST Tool
      • OWASP iOSForensic
      • OWASP SonarQube Project
      • OWASP Rainbow Maker Project
      • OWASP JSEC CVE Details
      • OWASP WebGoat.NET
      • WebGoatPHP
      • OWASP ASIDE Project
      • OWASP ZSC Tool Project
  • 45. • OWASP ZAP / (FoxyProxy) • OWASP Security Shepherd • bWAPP • OWASP WebGoat
  • 46.
  • 47. Survey Monkey
      • 75% stayed the entire time
      • 85% said they are interested in playing in a game next year after they didn’t this year
      • 100% Do It Again!
      • “definitely more engaging to learn about security through these events than through lectures. 10/10 would sign up again.”
  • 50. OEConnection LLC, Company Confidential. Not for disclosure. MICHAEL WOOLAR http://wooly6bear.wordpress.com Michael.Woolard@outlook.com @WOOLY6BEAR

Editor's Notes

  1. .
  2. It doesn’t have to be expensive. $10 here, $25 there. I gave away in total $290 between 16 prizes. I reached out to my HR and pulled some training and even budgets. I contacted a security organization in the Cleveland area, SecureState, and laid everything out. They were on board. Hack.Jam cost me about $600 to put on, not terrible. For some, doable if you budget. For others it is a drop in the bucket and you can get more and do it bigger.