Welcome to 鈥淭ruman鈥檚 Take,鈥 where Product Marketing Manager James O鈥橪eary sits down with Senior Product Researcher Truman Kain. As one of the leading minds behind our security training, Truman truly brings the brains and bold ideas to 杏吧传媒 Managed Security Awareness Training (SAT). In this chat, the two discussed managed learning, the process of choosing each episode鈥檚 topic in relation to the threat landscape, and the upcoming episode for December.
But before we dive into the interview, let鈥檚 take a step back and examine what Managed SAT is and why we do it in the first place. Since our inception in 2015, 杏吧传媒 has strived to create quality cybersecurity products that empower resource-strapped IT and security teams that other vendors often overlook.聽
When it came to SAT, we quickly realized that an area that our partners and customers really struggled with was managing their programs. This usually resulted in high overhead, wasted resources, or neglect of their programs altogether. They simply didn鈥檛 have the time or security expertise to keep an SAT program running, let alone one that would go beyond merely satisfying their compliance requirements and improving their security posture.聽
We repeatedly heard this challenge from our partners and customers, and so we decided to do something about it. After all, we have an entire team of cybersecurity researchers and practitioners whose expertise we can leverage to build an SAT program that reflects current threats. So with that, we developed Managed SAT, where the 杏吧传媒 team takes over the creation, curation, and scheduling of your training programs (including episodes, phishing simulations, and Phishing Defense Coaching recovery training). All this means you can spend more time on other priorities, all while being confident your SAT program is taken care of.聽
With that in mind, let's get into the interview with Truman, the man behind the management.
James O鈥橪eary: What does your role as a product researcher here at 杏吧传媒 look like?
Truman Kain: As a product researcher at 杏吧传媒, my job is to take the expertise of our team and our knowledge of hacker tradecraft and make it accessible to our partners and users. As the lead researcher for our Security Awareness Training product, I keep a close eye on what's being seen in the wild from attackers, what's impacting our customers, and how we can train our learners to be vigilant against today鈥檚 threats. This training comes in the form of educational content, phishing simulations, and Phishing Defense Coaching.
What鈥檚 your background as a threat/product researcher?
Prior to joining 杏吧传媒, I worked for several years as a social engineer conducting phishing, vishing, and physical penetration tests against the Fortune 500. I鈥檝e developed and presented novel security tooling at DEFCON, GrrCON, SaintCon, and Devoxx. I鈥檝e also led the development of a Phishing Simulation platform and conducted more traditional forms of penetration testing. I hold OSCP and CESE (formerly known as SEPP) certifications.
This month鈥檚 managed learning episode follows Matt, the Founder and CEO of BopTalk, as he learns first-hand about the importance of data privacy.
When it comes to choosing episodes of 杏吧传媒 SAT, what are the biggest considerations?
We like to think about what鈥檚 topical while also taking into account the episodes that a learner has recently watched as part of our Managed SAT offering. We want to ensure that all of the various cybersecurity themes are being hit on a regular basis, we aren鈥檛 fatiguing learners on a particular subject, and we鈥檙e providing a wide range of foundational security awareness training over time.聽
What makes those considerations so important?
If learners don鈥檛 complete their assignments, their security awareness suffers. It鈥檚 our job not only to make world-class educational content but also to schedule and assign it in a way that keeps people engaged and wanting to learn more, all without overwhelming the learner or diluting the security awareness information we provide.
What sources of information do you rely on to help with your decision?
We follow the threat landscape and cutting-edge techniques seen in the wild, work with our Security Operations Center to find common denominators in attacks against 杏吧传媒 endpoints, and analyze phishing emails reported to us by our learners. We then use these data points to decide which topic will be most beneficial for our learner base.
What's the benefit of this approach?
By looking at all of these data points and finding commonalities between prevalent threats and the ones that our SOC is seeing affect our user base the most, we鈥檙e able to prescribe training content that鈥檚 not only relevant to what a learner is most likely to encounter but also what鈥檚 most likely to produce the desired security awareness outcomes that our partners and customers rely on to improve their security postures.聽聽
This month鈥檚 episode is about privacy. Why did you choose this topic?
Sometimes, we get into the weeds on a very specific attack vector, like Adversary-in-the-Middle. On the other hand, it鈥檚 also important to take a step back every once in a while and look at the bigger picture. Privacy is one of the core concerns that carry over into the lives of our learners outside of work, but it can be difficult to understand the implications of 鈥済iving away your data鈥 when you鈥檙e at work. This episode helps break it all down.
After watching this episode, learners will better understand their rights to data privacy and how to protect sensitive data.
What are the learning objectives and desired outcomes/behaviors for this episode?
This episode goes into:
How will this benefit the learners and their organizations?
Learners will gain a better understanding of the importance of protecting sensitive or personal data, whether it be that of external customers, coworkers, or their own.
Want to see how an SAT program that鈥檚 tailored to today鈥檚 threats can benefit your organization? Start your free trial of 杏吧传媒 SAT today!
Get insider access to 杏吧传媒 tradecraft, killer events, and the freshest blog updates.
