There's more to a security awareness program than an on-boarding video and the occasional phishing simulation. The most effective way to manage your organisation's human risk is to implement a security awareness program that goes beyond compliance, changes people's behaviors, and ultimately creates a secure culture. This workshop will look at the Security Awareness Maturity Model, and how it can be a guide for developing your program. We will also examine risk, human risk, key elements to consider in developing your program and strategies for getting executive support.


Don Devenney
Senior IT Security Specialist | Royal Roads

Throughout his 20 year career in Information Technology Don has held a number of roles, including Information Technology Manager for Canadian Sport Institute Pacific and as a member of the Infrastructure Team at Royal Roads University. In 2017 Don was appointed to the first dedicated IT security position at Royal Roads University. In developing an Information Security strategy for Royal Roads Don identified a need for increased security awareness and over the next 2 years developed a cybersecurity awareness program that has resulted in Royal Roads seeing a marked decrease in cybersecurity events related to human factors.The latest initiative in Royal Roads' awareness program, a Cybersecurity Ambassador program, has made noticeable changes to the cybersecurity culture of the organization.