
Convene: Clearwater 2023 Sessions

Clearwater, Florida, January 10-11, 2023

Featured Sessions

Hearts, Minds, and Actions: Counterintuitive Methods for Building Connection and Changing Behaviors 

Security awareness leaders have it hard. We know that information alone doesn’t change behavior, but sharing information is still critical to the success of our programs. We also know that shaping security behaviors and influencing culture is critical… but those are fuzzy concepts. In this session, Perry Carpenter will share a number of counterintuitive insights he’s stumbled upon since writing his first book, “Transformational Security Awareness” back in 2019. He’ll discuss his most recent lessons learned about human connection, relationship building, empathetic engagement, behavior shaping, and more.

Lessons Learned from the Inside of the SolarWinds Attack

SolarWinds CISO Tim Brown will provide a moment-by-moment insider perspective of being the victim of an extremely sophisticated attack, sharing insights on public/private partnership when it really matters, and on how SolarWinds proved resilient at the end of the day.

Economic Espionage: Behavioral Study on Employee Reporting of Security Incidents 

In 2020, MITRE behavioral psychologists conducted a sensitive behavioral experiment, the first of its kind, to derive a data-driven understanding of why employees do not report insider threat incidents. To accomplish this, we sent out a series of LinkedIn messages from a recruiter with ties to a foreign adversary to 300 random employees at a medium-sized company in the National Capital Region. Learn the results from this experiment, presented by Dr. Deanna Caputo, Chief Scientist for Behavioral Sciences and Cybersecurity, MITRE.

Lessons from Aviation: Building a Just Culture in Cybersecurity 

Airlines don’t “do safety”, they are safe. This wasn’t always the case. By accepting that humans are fallible and building systems that anticipate both human error and poor individual human risk decisions, the airline industry improved safety. Join John Elliot, Author, Pluralsight, to learn the key lesson from aviation’s experience, that culture is vital, and move from “doing security” to being secure.

Live! The CISO Series Podcast

David Spark will record a special LIVE show for his podcast, The CISO Series, with Hadas Cassorla, CISO, M1 and Chris Hatter, CISO, Nielsen.

Stop, Drop & Roll

If we catch fire, we are taught to STOP, DROP, and ROLL! But how many times have you caught on fire? The odds of a cyber incident are far greater than catching on fire, yet we make security awareness programs so difficult. Instead, they need to be easy, relatable, and retainable. This is where behavior truly is changed. This is what winning looks like in the security awareness world. Learn how to design your security awareness programs to be as easy as Stop, Drop, and Roll!

Cyber Rosetta Stone: Using Tabletops to Engage Executives in the Cyber Risk Conversation

The biggest barrier to the cyber risk discussion is the language we use to talk about cybersecurity. Tabletop exercises, when done right, can be the Rosetta stone needed to translate the ones and zeros of security to the dollars and cents of financial and reputational losses. Join cybersecurity author and expert Mark Sangster as he identifies the pitfalls of tabletops and builds a simple framework to bring executives and security leaders to the table to collaborate, reduce business risk, and prepare for an inevitable cyber incident.

Scamming the Scammer

Over the last few months, researchers at Cofense have been trying to gain more insights into the world’s most lucrative cybercrime, Business Email Compromise. Business email compromise, often known simply as BEC or CEO Fraud, is when threat actors use email fraud to attack commercial, government and non-profit organizations to achieve a specific outcome which negatively impacts the target organization. Basically, BEC’s goal is to deceive people into thinking they have received a legitimate business-related email and convince them to do something they believe is necessary to help the company.

How Phishing Simulation Training Fuels a Security-Aware Culture

Now more than ever, phishing simulation training plays an integral part in weaving cyber security best practices into your organization’s culture. Phishing and other cyber threats are becoming increasingly complex and commonplace, yet, according to a recent report published by Fortra’s Terranova Security and IPSOS, 1 in 5 U.S. employees don’t believe they can be targeted by a cyber attack. Join Terranova Security CISO Theo Zafirakos as he guides you through crucial data-driven insights that demonstrate the value of deploying real-world phishing simulations as part of your security awareness training program.

Why Human Risk Management is the Next Logical Step

Humans hold the key to securing organizations from breaches. Today’s threats require us to predict potential employee vulnerabilities, focus training and awareness where they have the biggest impact, and measure the impact on the organization’s risk index. We call this Human Risk Management (HRM). In this session, you’ll hear how Medtronic views HRM and its importance, how they’re preparing to implement it across their businesses and regions, and how they are evolving awareness around Ambassadors and Very Attacked People inside their organization. 
