Tom Pendergast


Tom is the chief strategist of MediaPRO’s Adaptive Awareness Framework, an approach to solving an organization’s human problems in security, privacy, and corporate compliance. Tom’s work focuses on identifying the nature of human awareness challenges then developing education programs targeted at bringing about real changes in behavior. He’s a self-described learning nerd in the areas of privacy and security.

Tom has a Ph.D. in American Studies from Purdue University and is the author or editor of 26 books and reference collections. Outside of work, Tom enjoys trail running, climbing mountains, and spending time with his family.

Two Paths to Meeting GDPR Training Requirements

This article was originally published on the IAPP Privacy Advisor blog.  A DPO stands at a fork in the road, just six months before the General Data Protection Regulation (GDPR) goes into effect. For months, the DPO’s team has been working on getting their program in place. They can finally see their way past writing policies … Continued

Read More

Is All Fair in Simulated Phishing?

This article originally appeared on CSO Online. We’ve all heard the saying “all is fair in love and war,” but what about when it comes to simulated phishing? Is there a limit to how far we should go in attempting to emulate the trickery and deceptive tactics of the cybercriminals who bombard our employees with … Continued

Read More

The Silver Lining on the Equifax Breach

A version of this article originally appeared in CSO Online By any measure, the Equifax data breach was and is a disaster. Most importantly, it exposed the data of 143 million American consumers, which could cause years of trouble for all involved. It also revealed all too clearly the tenuous protections provided for consumer data … Continued

Read More

A Note to Mom About Cybersecurity

Originally published on CSO Online. If you could get the people you know to commit to doing just a few things right around cybersecurity, what would they be? I often ask myself this question. Given my line of work in cybersecurity awareness, I guess that’s no surprise. But it’s not just a work question. I’m … Continued

Read More

The Privacy Paradox: GDPR Compliance in the U.S.

Originally published in Venture Beat. Figure this one out: Just shy of 100% of U.S.-based privacy professionals believe that the importance and complexity of managing privacy in their organizations is increasing. Similar numbers (97%!) acknowledge that they will increase their investment in managing privacy. Yet fully 61% of these same professionals acknowledge that they have … Continued

Read More

What Pepsi’s Failed Ad Can Teach Us About Data Privacy

Originally published on Network World.  By now, you’ve seen the ad that Pepsi released to the world and then quickly withdrew when it became obvious how tone deaf it was. I don’t have anything to say about the ad that hasn’t been said already, but I do want to examine the conditions that led to … Continued

Read More

5 Signs Your Cybersecurity Awareness Program Is Paying Off

Originally posted on TripWire’s State of Security blog. Not too long ago, a client of ours who had just released a dynamic new cybersecurity awareness course told me how blown away he was with the response they were getting. His inbox was full of compliments, and his colleagues wanted to duplicate his training success in … Continued

Read More