October Is Security Awareness Month

If you haven't done anything by now, feel free to take something from the playbook below. You can also do this year-round. :)

Below is a literal cut and paste from my internal playbook to my consultants to help make security awareness month a little more fun. I’m always expanding it, but wanted to share it with you. If you have any fun activities you’d like to share, feel free to comment below.


Intro

October is security awareness month, which is a great time to schedule company-wide activities that raise awareness of Information Security. It's also a great opportunity for us to (re)introduce ourselves to employees and contractors and have them put a face to the name.

If you are the Lead vCISO for a client, you are expected to conduct and facilitate some of these activities.

Of course, make sure you clear these activities with your designated stakeholder. They may be aware of corporate meetings and activities that may work well with your plan.

Make sure your activities are FUN and ENGAGING. If you don't have the stomach or creativity for such activities, please contact @Ayman Elsawah or anyone else for help. We'd be happy to help you.

General Audience Activities

Entice people to join and participate in your activities. See Swag & Rewards below for ideas.

Slack

Everyone is in Slack! Use some of the methods below to facilitate.

Engagement should generally not exceed 2X/week.

Use the #general for short

Introduce Security Awareness Month

Send an introduction to the #general or #announcements channel, depending on the Slack workspace. Obtain permission before using @here or @channel.

Slack Poll & Quizzes

Send a Slack poll periodically in public channels with interesting questions.

Interactive Games and Events

Make sure to TEST your setup properly before deploying.

Hacker Jeopardy

JeopardyLabs - Online Jeopardy Template

Online Buzzers

BuzzIn.live

Multibuzzer

COSMOBUZZ - Online Multiplayer Buzzer

Kahoot

Kahoot is a popular game.

kahoot.it

Engineer Specific Activities

CTFs

CTFd : The Easiest Capture The Flag Framework

OWASP Juice Shop

Swag / Rewards

Give away some things. These can go to participants, the whole company, or winners.

  • Rubber duckies

  • Stickers

  • T-Shirts

  • Mentions in Slack & Email, or at All-Hands

  • Leaderboards