Hi folks! Cyber security awareness month is right around the corner and I'd love to know what you or your security teams are planning on putting out there.
I've been trying to plan a month of challenges and games with some talks thrown in for good measure.
The challenges will be themed each week:
Week 1 we're looking at passwords and authentication methods - I'll be giving a talk on Daniel Miessler's Consumer Authentication Strength Maturity Model and we'll have some password cracking challenges.
Week 2 is phishing:
The challenge will be to craft the most believable phishing email/attack.
We'll also be talking about other social engineering attacks and take a look at OSINT and how users can protect information.
Week 3 will be physical security:
Like many organisations, we're starting to move back into the office and with that comes bad habits like forgetting to lock screens or not locking up behind you. The challenge here is to think about how you might get somewhere you're not supposed to. With some spare offices, we might make a mock-up office that users will have to infiltrate - maybe using some social engineering tricks from last week?
Talks will cover clear desk policy, access keys and more.
This will be consolidation week - we'll make a challenge that requires skills picked up from the whole month with lots of refresher talks and a final chat about where to get more information, how to contact the security team and get feedback for future events.
I'd love to hear your ideas!