Special Guests: Dave Aitel, Lance Spitzner, Javvad Malik, Dameon Welch-Abernathy (aka “Phoneboy”), SpaceRogue
Of all the topics we discussed for this episode, none sparked more passionate debate than the effectiveness of end user security awareness training. On one side, it's something that we must do in order to help our organizations be resilient to attack. Users must be trained not to “click shit”, succumb to social engineering and ignore malicious behavior. On the other side of the fence, it's a waste of time. Not all users will “get it”, and the attackers may only need one user to be a victim. The threats are constantly changing, so users will need constant training, and security will just “get in the way”. Perhaps somewhere in the middle is a happy medium.