Publications and Works

Business Password Management for Storing and Sharing Credentials

“With the average person having 130 different accounts, the fight for password security can feel a bit overwhelming. If your employees follow password management best practices, that means 130 different passwords for every account. The chances anyone can recall that many strong, unique passwords from memory are slim to none. Expecting employees to practice good password security is a tall order if you aren't giving them a tool to assist them. Without a solution to help manage their credentials, many will throw their hands up in defeat and reuse passwords. Let’s look at how you can implement standards and practices for storing and sharing passwords securely so employees don't have to forge their own path.”

Is Your Security Awareness Program a Total Snoozefest?

“So you put everyone in a room (or video call) and run through your security policy. You checked the compliance boxes for HIPAA, SOC 2, GDPR, PCI-DSS, or NIST data privacy regulations. You're all set, right? Not so fast. Let’s dive into why your cybersecurity awareness training program might be failing and what you can do to improve it.”

Progress in Education - Vol. 69
Ch. 5 - “The Impact of Learning Theories in Cybersecurity Education”

“Learning is accomplished when a proper response is demonstrated following the presentation of a specific environmental stimulus. There are five educational learning theories that have been investigated and applied heavily in the past: Cognitive Behaviorism, Constructivism, Humanism, and Connectivism. Gamification is an example of constructivism that has been a popular teaching strategy. Serious games are a special type of game developed for the purpose of education/training and have been an increasingly popular method to teach a variety of skills, including cybersecurity education. They provide greater immersion and simulations of scenarios to determine what an individual would do when faced with that issue in the real world. Many studies have advocated for the effectiveness of serious games to teach cybersecurity, boasting about the increased engagement, retention, and personalization of content. With the increased importance of cybersecurity education, this chapter will look into the application of these learning theories with a focus on serious games to teach and train people in cybersecurity education to better understand the role and impact of each of these theories in this domain.”

Why security scare tactics aren't effective – and what to do instead

“We hear a lot about the consequences of practicing poor security. And for a while, this was rightfully so. When the importance of cybersecurity was still emerging, many people didn’t understand what could happen if they weren’t following proper security procedures. But those days are long behind us, so it’s time to retire the scare tactics of the past.”

Tech needs women: an interview with the women leading security at 1Password

“On International Women’s Day, we shared highlights from our recent Women in Tech panel, where women at 1Password discussed the obstacles faced by women and non-binary people in the tech industry. One of the issues raised during the panel was how important it is for women working in male-dominated spaces to see other women succeeding. With that in mind, we wanted to highlight and celebrate our women-led Security team.”