The evolution of #securityawareness

The first Australian information security awareness conference takes place next week. It’s right here in Melbourne and run by a dedicated bunch called Security, Influence and Trust. The good news is, it’s a sell-out! (yes it’s free but you get the gist). The bad news?…there is no bad news. For all the messengers out there that have tirelessly spread the security word to our peers, leaders, staff and partners…sometimes at broken record volumes, this event is recognition that there is enough of us who believe that at the centre of protecting our businesses are our people. A full day to share our challenges, discuss what’s worked and help others who are just starting out.

When I received my invitation to this inaugural event, it reminded me of how far this industry has come. We have been talking about the importance of information security awareness programs for well over a decade…closing in on two decades actually. For many years, security awareness was a mandatory annual e-learning course. It was faceless, cheap and repetitive. We then moved to bigger programs (which is great) and we called it cultural change – a term used (and I’m guilty too) to describe how we were going to change the old school information security attitudes of our staff, our boards and our customers. But you know and I know that no one wants to be told they need to change (especially when most people we were trying to change believed security was an IT problem…). These days, we do everything in our power to spread our message without trying to change people…we duck into meetings people are already having to chat about the value of security, we provide our security message with coffee that people are already planning on drinking to make security less formal and more engaging and we hold great events that combine security with topics and information that the business is passionate about. In doing this we build relationships and trust that can’t be achieved through compliance training alone. We don't want to change people...we want to join people to reach a common goal.

Next week I will be surrounded by peers and some new faces to discuss the best approaches to security awareness from those who have lived through the evolution. Sounds great, right? Yes, this year is at capacity....should I save you a seat for 2017?