Tom Pendergast

Tom is the chief strategist of MediaPro’s Adaptive Awareness Framework, an approach to solving an organization’s human problems in security, privacy, and corporate compliance. Tom’s work focuses on identifying the nature of human awareness challenges then developing education programs targeted at bringing about real changes in behavior. He’s a self-described learning nerd in the areas of privacy and security.

Tom has a Ph.D. in American Studies from Purdue University and is the author or editor of 26 books and reference collections. Outside of work, Tom enjoys trail running, climbing mountains, and spending time with his family.

Two Paths to Meeting GDPR Training Requirements

This article was originally published on the IAPP Privacy Advisor blog.  A DPO stands at a fork in the road, just six months before the General Data Protection Regulation (GDPR) goes into effect. For months, the DPO’s team has been working on getting their program in place. They can finally see their way past writing policies… Read more »

View Post

Is All Fair in Simulated Phishing?

This article originally appeared on CSO Online.  We’ve all heard the saying “all is fair in love and war,” but what about when it comes to simulated phishing? Is there a limit to how far we should go in attempting to emulate the trickery and deceptive tactics of the cybercriminals who bombard our employees with… Read more »

View Post

The Silver Lining on the Equifax Breach

A version of this article originally appeared in CSO Online By any measure, the Equifax data breach was and is a disaster. Most importantly, it exposed the data of 143 million American consumers, which could cause years of trouble for all involved. It also revealed all too clearly the tenuous protections provided for consumer data… Read more »

View Post

A Note to Mom About Cybersecurity

Originally published on CSO Online. If you could get the people you know to commit to doing just a few things right around cybersecurity, what would they be? I often ask myself this question. Given my line of work in cybersecurity awareness, I guess that’s no surprise. But it’s not just a work question. I’m… Read more »

View Post

The Privacy Paradox: GDPR Compliance in the U.S.

Originally published in Venture Beat. Figure this one out: Just shy of 100% of U.S.-based privacy professionals believe that the importance and complexity of managing privacy in their organizations is increasing. Similar numbers (97%!) acknowledge that they will increase their investment in managing privacy. Yet fully 61% of these same professionals acknowledge that they have… Read more »

View Post

5 Signs Your Cybersecurity Awareness Program Is Paying Off

Originally posted on TripWire’s State of Security blog. Not too long ago, a client of ours who had just released a dynamic new cybersecurity awareness course told me how blown away he was with the response they were getting. His inbox was full of compliments, and his colleagues wanted to duplicate his training success in… Read more »

View Post

Reaching the Cybersecurity Tipping Point

Originally posted on Network World Remember that moment when you really committed yourself to solid security and privacy practices? The moment when you committed to never clicking on a link you weren’t sure about, to always checking for badges on people coming in the door, to always using your password manager to create a complex password?… Read more »

View Post