this post was submitted on 06 May 2024
11 points (100.0% liked)

cybersecurity

3261 readers
8 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

top 4 comments
sorted by: hot top controversial new old
[–] arcosenautic 1 points 6 months ago (1 children)

Not strictly career related, but how can I make regular people aware of the importance of cyber security in day to day work? My nontechnical colleagues really brush off security as an optional measure and it's really pissing me and my coworkers off.

[–] [email protected] 2 points 6 months ago (1 children)

Does your org have a security awareness program? It would easier if you can mandate some training or at least some brownbag meetings where you can present some basic security pointers.

[–] arcosenautic 1 points 6 months ago (1 children)

I work at an educational institution that doesn't really prioritize security, or anything IT related for that matter. We are a very small team (3 people) and we can't really enforce any institution-wide training. We send regular PSA emails and that's about it.

Of course, we have control over password policies and external access through workspace management tools, but we don't have control over a lot of higher-up decisions. I wish I could enforce even stricter password policies but it's just not possible for the higherups.

I was thinking of raising funding for some sort of cybersecurity day event at the institution, but when it comes to funding, you know how generous educational institutions are.

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago)

Ah, yeah I feel you. That's indeed an uphill climb especially if the higher ups themselves do not support you. I think a cybersecurity event is a good way to do it. If you end up getting smaller funding, you can also do short brownbag meetings with free snacks and/or giveaways. Free stuff is always an incentive for people to attend. Keeping events short (30 minutes or less) also helps. Then make your presentations interactive, instead of just lecturing do's and dont's to employees. Do scenario based discussions and let employees come up with ideas/solutions. That reinforces the knowledge if they feel like they came up with the answers and you validate them.