More Soft Skills are Needed for Leading Today's Security Awareness Programmes

22 Apr 2015
Author: HSD Foundation

Organisations need the right people and skills to enable security awareness to reduce the human error leading to today's security breaches. The SANS Institute recently published their 2015 Security Awareness Report. The main outcome is that many organisations’ security awareness programmes are still in their infancy and many lack the soft skills needed to ensure successful implementation.


"In many cases, the wrong people are leading security awareness programmes or lack the training they need to be successful," says Spitzner, an internationally recognised leader in the field of cyber threat research and security training and awareness and director of SANS. "The majority are from highly technical backgrounds and lack skills such as communication and an understanding of human behaviour."


More than 75% of the awareness programmes surveyed are run by people with highly technical backgrounds, such as IT admins or security analysts, but with little experience in softer skills, such as communications, change management, learning theory or human behaviour. In addition, people limited to just technical backgrounds may be prone to view security strictly from a technical perspective. This shows the importance of strong and diverse cyber security talent and of training programmes in cyber security. The Hague Security Delta and its partners are therefore working hard to grow the HSD Security Talent Community.


The report found the top two challenges facing security awareness officers are employee engagement and lack of support from senior management. "They need to understand that their organisation cannot effectively mitigate risk if security is treated only as a technical issue; the human issue must be addressed also," says Spitzner.


The report can be downloaded here.


SANS Secure Europe 2015

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide.


From May 5th to May 25th, the SANS Institute organises its IT Security training event, SANS Secure Europe 2015, in the Netherlands. The ten-course line-up covers topics including Security Essentials, Incident Handling, Mobile Device Security, Forensic Analysis and Private Cloud Security. Also running at this event is the popular new SANS course SEC511: Continuous Monitoring and Security Operations led by SANS Instructor Eric Conrad. SANS Secure Europe will also include SANS@night talks as well as social/networking functions, free of charge to all students.
