Winn Schwartau, founder and chief visionary officer of security awareness training firm The Security Awareness Company and information warfare conference series, InforwarCon, has a message for organizations and their security awareness programs: keep it simple if you want it to succeed. Schwartau comes from a family of entertainment industry professionals and he, himself, was an audio engineer and producer, giving him the two perspectives needed to make a security awareness program succeed.
His Dec. 5 keynote (“How to Make Your Security Awareness Program Fail (And Then Succeed!”) at the Content Delivery & Security Association’s (CDSA) annual Content Protection Summit (CPS) in Marina del Rey, Calif. will offer up guidelines on how to avoid common mistakes that he has seen global enterprises make for three decades.
This upside-down approach will help each attendee design and implement an organization-wide security awareness program, one that most effectively conveys acceptable policy and compliance behavior.
“Over the last 30-plus years, I’ve learned that too many organizations try to accomplish entirely too much in their security awareness efforts. They think they know better than what history and experience has taught us,” said Schwartau, who’s authored multiple security-related books, most recently “Analogue Network Security.” “That is the reason so many security awareness programs, designed with the best of intentions, fall flat on their faces. They expect user behavior to change overnight, and that is a goal designed to fail.”
According to Schwartau, the most common mistake is to make a security awareness program boring. Mind-numbingly so. In addition, failure is guaranteed by avoiding interactive multi-media content and, especially, that programs should definitely avoid anything remotely resembling humor.
“Security is serious, and there’s no need to use amusing pictures, art or videos,” he said. “Awareness, courses and videos should never be funny.”
Among his “how to make your security awareness program fail big time” suggestions: scare your employees with serious consequences for failure; get your CISO involved in the multi-media production of your program; never use casual written or spoken language that your audience will understand — instead make it as unintelligibly technical as possible; tell employees to just follow policy and that will fix all security problems.
“Managers only need to get employees to memorize corporate policies, from cover to cover, word for word, and live and breathe them perfectly every day,” Schwartau said, holding up a Huge Sarcasm Sign.
During his presentation, Schwartau will also relay how media and entertainment companies can utilize their core competencies — entertaining and storytelling — to launch better security awareness campaigns. No sarcasm sign, there, Schwartau assures us.
The 2018 CDSA Content Protection Summit is presented by SafeStream, and sponsored by EdgeScan, Microsoft Azure, LiveTiles, Aspera, Amazon Web Services, Convergent Risks, Dolby, NAGRA, EIDR, the Trusted Partner Network (TPN), Videocites, Human-i-t, Telesoft and Bob Gold and Associates and is produced by the Media & Entertainment Services Alliance (MESA) in association with CDSA, the Hollywood IT Society (HITS), Smart Content Council and Women in Technology Hollywood (WiTH).
To activate a sponsorship, contact Christian Calson at [email protected].