The New CISO Podcast

Episode 5: Does Security Training Really Work?

If we believe that employees are our first line of defense against attacks – like phishing, credential theft, and business email compromise, we need their active participation. But is security training – specifically phishing training – really effective? Should we be doing it differently? We touch on the idea of training versus education, positive reinforcement versus negative, suggestions for engaging with employees, and the best sushi in Vegas.

David Tyburski, Chief Information Security Officer at Wynn Resort sits down with Steve Moore to talk about security training, specifically phishing training. He shares his thoughts on the idea of training vs education, positive vs negative reinforcement, and offers suggestions for engaging with employees.

On advice to your younger self

David believes new CISOs could stand to be a little more attentive to the toolset they bring, which could avoid a lot of false starts along the way as far as buying tools. If we spent a little more time evaluating where we could really use them, we would be in a better position in the early days. And we do that today by ensuring we have good proper use of cases for every tool that we bring.

Listen as Steve and David hit on topics like the importance of understanding use cases, as well as:

  • Issues around phishing training
  • Training versus education
  • Should information security be more aggressive when it comes to email?
  • What does a good security program need?
  • How can we improve security awareness?

Check out the full episode here, and if you like the show, remember to review, rate us and subscribe to get new episodes when they drop.

Listen and Subscribe

iTunes Button (via Listen on Google Play Music Listen on Spotify RSS Feed

More About David Tyburski

David Tyburski is the Global Chief Information Security Officer for Wynn Resorts, where for over the last 10 years, he has been responsible for leading the enterprise strategy for information security, identity / access, governance, and incident management for the Las Vegas based developer and operator of high-end luxury hotels and casinos.