Welcome back to Security Culture TV! In this 2nd season, host Kai Roer invites a number of industry experts to share their views, experiences and tips on security awareness, behaviors and culture.
The guest of this episode, Mo Amin, has been a strong supporter and central part of the security culture community. His background is from IT, security, operation security and consultancy. For him, culture and awareness are the two most interesting aspects of security.
For about eight years he has been working with security awareness and culture focusing on people. During this time, Mo has often spoken to Kai and engaged in the security culture community. One of Mo’s strong beliefs about security is that people can be a strength in the defense line. Today Mo is an independent security consultant based in London.
Here are some of his main points about information security and security training that he thinks need to change.
Mo has found numerous solutions and good tips for how to change these common problems. Watch the full video to learn what you can do in your organisation to improve security culture.
- Do not use a one fit all approach to security training. Mo highlights that a one fit all approach, where everyone is sent through the same videos and lectures with quizzes at the end, has been common for a long time. However, he thinks it is important to move away from it because the learning outcome tends to be low.
- Do not assume where you are today. Mo draws attention to the fact that many organizations do not accurately look at where they are in terms of security culture and awareness. He thinks it is important to measure security culture to know where the organization is today and in order to be able to accurately say where they want and need to be tomorrow.
- Do not think you are an expert at everything. Mo highlights that infosec tend to have a history of no transparency, negative communication and negative perception in organizations. He says that this is important to change as it most likely will negatively impact the effectiveness of security training and the security culture.
In the next months, we will publish a new episode every second week. To be the first to see the episodes, join the LinkedIn Group Security Culture Framework, and get access a full week ahead of the rest!
Receive early invitations, take part in the discussion and engage with your peers in the Security Culture Framework community on Linkedin.