More and more, the human factor is being recognized as a key component of an overall cybersecurity strategy. Technology alone will not solve our cybersecurity issues; we have to ensure that our people are aware and taking the appropriate action when confronted with phishing, social engineering, etc. Traditional cybersecurity awareness training, while part of baseline training, may fall short of expectations. What's needed is a change in the organization's culture: good cybersecurity practices need to be viewed as a valued component of that culture. "Champions" or "ambassador" programs are an effective way of creating and maintaining this culture change. In this session, Don will review the Security Awareness Maturity Model and why culture is important. He will then discuss the concept of an ambassador program, and how it can influence culture. Finally, Don will delve into the practical side of implementing an ambassador program based on his experiences at Royal Roads University.


Don Devenney
Senior IT Security Specialist | Royal Roads University

Throughout his 20-year career in information technology Don has held a number of roles, including information technology manager for Canadian Sport Institute Pacific and as a member of the infrastructure team at Royal Roads University. In 2017, Don was hired as the first dedicated IT security professonal at the University. In developing an information security strategy, he identified the need for increased security awareness. In the next two years, he developed a cybersecurity awareness program that has resulted in a marked decrease in cybersecurity events related to human factors. The latest initiative in Royal Roads' awareness program, the cybersecurity ambassador program, has made noticeable changes to the cybersecurity culture of the organization.

Session Recording