BSidesLV has ended
Thank you for joining us for our 5th Anniversary celebration! We certainly hope you enjoy the conference. Here’s to Education, Collaboration, and Community!

Remember, we don’t take ourselves too seriously and you shouldn’t, either! To quote the old motto of another collaborative community, "We trick into learning with a laugh".

We wish you both laughter and learning - and lots of both!

-= Team BSidesLV 
Back To Schedule
Wednesday, August 6 • 15:45 - 16:15
Pwning the hapless or How to Make Your Security Program Not Suck

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Pwning the hapless or How to Make Your Security Program Not Suck

Customer data is our business. Whether within the financial or healthcare industries, the root of our business is to safely house and transmit information to and from trusted parties.

With the growing demand of increased access – in healthcare, from providers, employees, visitors and patients, from a variety of devices, increased federal enforcements of privacy and security requirements under the new HIPAA Omnibus Rule, there is an ongoing challenge of ensuring patient and customer information is adequately protected.

Numerous breaches within both the healthcare and financial fields have involved lost or stolen unencrypted devices, but mistakes by employees continue to be the biggest security threats to all businesses. Even tech-based companies are shown to be at risk for various social engineering attempts.

Why do these breaches keep happening? How can you, as an IT professional, or merely an employee with the safety of your customers’ data a concern, help your business create useful prevention strategies that employees will pay attention to? How do you train your non-tech employees to not be susceptible to social engineering attacks?

Emily, an insurance professional with ten years experience of working for 3 of the 5 biggest US disability insurance companies, and Casey, a Security Engineer with history working for commercial financial firms, will explore the unawareness non-tech employees have of their actions, discuss useful training and resource organization and allocation. We will walk through a few scenarios (the successful and non) and discuss what we have learned from human behavior and how it can apply to enforcing security policies or creating a culture of care.

Technical solutions will not be discussed specifically, as the focus will be on employee awareness, education and how we can do better.

By working through a few scenarios that we have personally encountered, we will address the topics of

- “Why To Care” – Problems with people caring about security
- Testing your people
- Getting the peons out of the loop
- Rewarding Security Efforts


Casey Dunham

Casey Dunham, is currently a Security Engineer with Bigelow Laboratories in Booth Harbor, ME. He also runs his own security consultancy, Gnosis Security, Inc. His InfoSec history includes working for commercial financial firms and volunteering at numerous regional and national InfoSec... Read More →

Emily Pience

Emily Pience is currently a Clinical Innovation Specialist with [redacted name of major American health and medical insurance company]. She has never worked in InfoSec but was raised by an Electrical Engineer in the cable industry, and believes herself to be a bastard of the engineering... Read More →

Wednesday August 6, 2014 15:45 - 16:15 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

Attendees (0)