Security decisions that employees make comprise the bulk of enterprise-wide vulnerabilities increasing the exposure to cyber risk. The security industry's traditional approach to mitigating this risk is predicated on the assumption that individuals will make the right security decisions if they have enough training and fear the consequences. Years of security research indicates otherwise. This briefing will share key insights from security research studies and analysis of several dozen remediation campaigns to more than a million employees across industries. We will show why industry’s traditional approaches to reducing employee risk are ineffective. Instead, our findings highlight innovative, data driven techniques that are proven to reduce employee risk; why viewing this problem with a new lens is most effective and provide concrete examples of how security teams can leverage these approaches to effectively reduce employee risks such as phishing, password security, malware, data handling, and privilege abuse in their own organizations.
Masha Sedova is an award-winning people-security expert, speaker, and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security, the leader in Human Risk Management software helping security leaders in enterprises measure, communicate and reduce human risk to keep their companies safe from cyber threats.
Before Elevate Security, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security among employees, partners, and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma, and SANS.
Perry Carpenter currently serves as Chief Evangelist and Strategy Officer for KnowBe4, the world's most popular security awareness and simulated phishing platform.
Previously, Perry led security awareness, security culture management, and anti-phishing behavior management research at Gartner Research, in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies. With a long career as a security professional and researcher, Mr. Carpenter has broad experience in North America and Europe, providing security consulting and advisory services for many of the best-known global brands.
Perry holds a Master of Science in Information Assurance (MSIA) from Norwich University in Vermont and is a Certified Chief Information Security Officer (C|CISO).