Simon Parkin
Simon Parkin is an Assistant Professor in the Cybersecurity group in the Technology, Policy, and Management (TPM) faculty at the Delft University of Technology (TU Delft, Netherlands). His specialization is in human-centred security: usability and perceptions of security-related technologies, security behaviour change, security economics, and decision-making in security technology management, support, and policy.
Session
Here we explore security awareness and training (SAT) from the view of full-time security awareness managers, and through the lens of SAT solutions. Through interviews with SAT managers and SAT vendor website analysis, we uncover a range of successes and ongoing challenges. Interviews with SAT managers identify a range of restrictions, and mismatched drivers and goals for security awareness, affecting how it is structured, delivered, measured, and improved. We find that beyond compliance needs, security awareness as a practice is underspecified and largely left to SAT managers to define. Efforts are split between maintaining messaging around secure behaviours, and activities to connect to employees. By analyzing SAT vendor websites, we develop a picture of what is signaled as important in awareness management. We find that product messaging targets customers' need for easy-to-implement and compliance-fulfilling SAT products; what is spoken of less is the need for effective user support, and the role of usable security technologies within the organizational environment to ensure that security expectations are doable for users.