October Is Security Awareness Month

If you haven't done anything by now, feel free to take something from the playbook below. You can also do this year round. :)

Below are some brief tips and links to tools you can use to have a successful security awareness month.

Intro

October is security awareness month, which is a great time to schedule activities company wide to facilitate the awareness of Information Security. It's also a great opportunity for security practitioners to (re) introduce ourselves to employees and contractors and have them put a face to the name.

Of course, make sure you clear these activities with your designated stakeholder. They may be aware of corporate meetings and activities that may work well with your plan.

Make sure your activities are FUN and ENGAGING.

General Audience Activities

Entice people to join and participate in your activities. See Swag & Rewards below for ideas.

Slack

Everyone is in slack! Use some of the methods below to facilitate.

Engagement should generally not exceed more than 2X/week.
Create a #security channel if not already
Cross-post informaiton in the #general
Get HR/PeopleOps heads up/buy in prior

Introduce Security Awareness Month

Send an introduction to #general or #announcements channel, depending on the slack. Obtain permission before using @here or @channel

Slack Poll & Quizzes

Send a slack poll periodically in public channels with interesting questions.

Interactive Games and Events

Make sure to TEST your setup properly before deploying.

Hacker Jeopardy

JeopardyLabs - Online Jeopardy Template

Online Buzzers

BuzzIn.live

Multibuzzer

COSMOBUZZ - Online Multiplayer Buzzer

Kahoot

Kahoot is a popular game.

kahoot.it

Engineer Specific Activities

CTFs

CTFd : The Easiest Capture The Flag Framework

OWASP Juice Shop

Swag / Rewards

Give away some things. Can be to participants, the whole company, or winners.

Rubber duckies
Stickers
T-Shirts
Mentions in Slack & Email, or at All-Hands
Leaderboards

Need Help Designing Your Program?

Need help designing your security awareness program for October or the year? Need someone to design or MC a Hacker Jeopardy event for you? Get in touch!

Thank you for reading Last Week As A vCISO. This post is public so feel free to share it.