Confessions of an Awareness Nerd
A blog providing insights and tips into the ways people learn about cybersecurity and privacy
Subscribe to RSS Feed
I’m Tom Pendergast, and I’m the Chief Learning Officer at MediaPRO.
I believe that every person cares about protecting their data, they just don’t know it yet. That’s why I write this blog and why I’ve spent my career at the intersection of education, training, culture, cybersecurity, and privacy.
I’ll use this space to write about how people, organizations, and cultures learn about cybersecurity and privacy.
Follow along if you’re interested in any of these topics:
- How people learn about information security and privacy
- Large-scale ramifications of peoples’ understanding of data privacy in greater depth
- Social, political, and cultural impacts of privacy and security regulation, law, and policy
How to Show You Care (Virtually) During Cybersecurity Awareness Month
5 Minute Read
Prepping a presentation for Cybersecurity Awareness Month? Follow these tips for connecting with employees and upping engagement with cybersecurity.
3 Alternatives to Using Fear In Your Security Awareness Training
4 Minute Read
Fear can undermine your security training and awareness efforts and weaken your security culture. Learn about three alternatives to fear that can help create the behaviors and security culture you want.
Why Your Privacy Training Should Hit the Spirit, Not the Letter, of the Law
5 minute read
When it comes to creating privacy training, it’s better to follow the spirit, not the letter of the law. Read more for advice on doing just that.
Interview with an Awareness Nerd: Warren Avery’s IT Weekly Newsletter
4 minute read
I interview the man mind behind one of my favorite InfoSec reads: The IT Weekly Newsletter, put out by Warren Avery.
Engagement Is for Suckers: The Real Training Manifesto
3 minute read
While I was away on vacation for a spell, the “anti-Tom” snatched the opportunity to give an “alternative” point of view on engagement in training. It’s not pretty.
6 Ideas for Building Engagement Into Your Security Awareness Training
7 minute read
Learn how engagement built into training and awareness provides value and builds trust with employees and why it should be the goal of any training program.
Why You Should Strive for Engagement, Not Just Awareness
5 minute read
Learn how what engages you in your life can inspire you to go beyond awareness and truly engage employees with your security training and awareness efforts.
Summer Reading List for Training and Awareness Program Managers: Part 2
9 minute read
Some other book nerds at MediaPRO join in for Part 2 of our series and discuss three more books training and awareness managers should read this summer.
3 Things to Do Before You Accept That LinkedIn Request (and 1 to Do After)
8 minute read
Everyone wants to be liked; and LinkedIn scammers know this. Follow these tips to avoid falling prey to phony LinkedIn connection requests.
Summer Reading List for Training and Awareness Program Managers: Part 1
8 minute read
Need some reading ideas for our stay-at-home summer this year? Here are three books training and awareness managers should dive into.
5 Questions Employees Should Ask About Workplace Contact Tracing
5 minute read
Contact tracing required to go back to work? Here are five questions employees should ask their employers about the health data that gets collected.
2 Cybersecurity Skills You Can Apply to Combat Racism
4 minute read
Can a few cybersecurity skills we likely already know be employed to fight racism and discrimination? I think so. Here’s why.
Patching: It’s Not Just for IT Anymore
4 minute read
Your IT team undoubtedly has your back, working from home or not, but patching your own machine’s software is one thing you can do to help them out.
Privacy and a Return to Normal Part 3: We Will Trust Because We Must
7 minute read
Universal contact tracing to combat the spread of COVID-19 will likely start on an employer to employee basis. Read why trust must be part of the equation.
The Annual, Breathless ‘What the DBIR Means for You’ Blog Post
3 minute read
Verizon’s annual Data Breach Investigations Report (DBIR) truly has something for everyone. Don’t take my word for it; dive in for yourself! If you can’t, read this brief roundup.
What the COVID ‘Normal’ and Your Email Inbox Have in Common
5 minute read
What have become everyday precautions against COVID-19 might seem similar to those taken while navigating your email inbox. Or at least they should. Let me explain.
What I Learned from My Own Unemployment Scam
6 minute read
After a scammer filed for unemployment in my name, I did some detective work to take back my account. Here’s what I learned from my own unemployment scam.
Privacy and a Return to Normal Part 2: Contact Tracing Apps Are Doomed
6 minute read
If returning to normal after the coronavirus pandemic means implementing contact tracing apps large-scale, trust will be a key factor. This might spell doom for them.
Learning the Hard Way: Zoom and the Public Face of Security and Privacy
6 minute read
The Zoom platform learned the hard way the importance of data privacy and security to consumers. We can all take some lessons from this experience.
The Perfect Pandemic Project: Set Up a Password Manager
3 minute read
Tired of baking and endlessly organizing all the nooks and crannies of your home during the pandemic? Take on a new project: Setting up a password manager.
Is a Return to Normal Worth Our Privacy? Part 1: Voluntary Health Tracking
7 minute read
Health tracking may raise tough questions on privacy as we work on returning to normal after the coronavirus pandemic.
Phishing Paranoia Doesn’t Fall Far from the Tree: A True Story
2 minute read
The lessons promoted in the security training and awareness world can show up in surprising places in your personal life. Exhibit A: This true story.
6 Things the Coronavirus Can Teach About Security Training and Awareness
8 minute read
Even hard times can be learning experiences. Here are six lessons training and awareness managers can take from the coronavirus pandemic.
When 'Use a VPN' Becomes 'Stranger Danger'
2 minute read
When situations change, your advice should change too. Here’s how my advice on VPN use changed when the world started working from home.
Building a Privacy Culture for GDPR, CCPA and Beyond
6 minute read
Building an organizational privacy culture will require executive messaging, training, and ongoing communications. Here are some tips for getting there.
The Time Is Now for Privacy Officers to Build Privacy Cultures in Our Organizations
5 minute read
The increased focus on data privacy rights means now is the time for privacy officers to focus on creating organizational privacy cultures. Here’s why.
8 Tips for Building a Security Culture
10 minute read
Achieving a security culture through security awareness training is far from easy, but here are eight tips to put you on the path.
It’s Time to Combine Security and Privacy Awareness Training
8 minute read
Can the seemingly disparate disciplines of security and privacy awareness training find something in common? Read my take on this topic.
