
Confessions of an Awareness Nerd
A blog providing insights and tips into the ways people learn about cybersecurity and privacy
I’m Tom Pendergast, and I’m the Chief Learning Officer at MediaPRO.
I believe that every person cares about protecting their data; they just don’t know it yet. That’s why I write this blog and why I’ve spent my career at the intersection of education, training, culture, cybersecurity, and privacy.
I’ll use this space to write about how people, organizations, and cultures learn about cybersecurity and privacy.
Follow along if you’re interested in any of these topics:
- How people learn about information security and privacy
- Large-scale ramifications of people’s understanding of data privacy in greater depth
- Social, political, and cultural impacts of privacy and security regulation, law, and policy
On UFOs, Bonus Checks, and Nigerian Princes: Phishing Gets Complicated
6 minute read
From the old Nigerian Prince scams to bonus checks and UFOs, phishing scams never fail to adapt with the times. Here’s what you can learn from them.
What’s Love Got to Do with Security Awareness?
5 minute read
Can applying a little love to security training and awareness have an impact? I make the case for “yes” and give some ideas for getting there.
5 Things to Try in Your Training and Awareness Program in 2021
4 minute read
Looking for some renewed excitement for your employee training and awareness program in 2021? Try something new! Here are some ideas.
For Year-Round Privacy Awareness, You’ll Need to Chop a Little Wood
12 minute read
A year-round privacy training and awareness effort will likely mean rolling up your sleeves. Here’s some advice on getting there.
Getting in the Right Mindset to Run a Year-Round Privacy Training Program
4 minute read
Running a year-round privacy program means applying planning, passion, and patience—all mental skills that you can develop.
Executives: Life in the Cybersecurity Fast Lane
4 minute read
Executives face life in the cybersecurity fast lane, with higher risks than most. That’s why we need to prepare them with advanced risk avoidance skills.
What to Do When Spam Feels Like Phishing
5 minute read
Spam and phishing can feel similar, but you should delete both—even if you think they really have something for you. Read what I mean.
2021 Predictions Are Foolhardy – Here Are Four of Mine
6 minute read
Everybody has their own set of 2021 predictions. Though the ubiquitous practice seems foolhardy, here are four of mine.
4 Holiday Cybersecurity Projects to Fill Some Quiet Time
7 minute read
Are you fortunate enough to be able to enjoy some time away from work this time of year? If 100% down time is not your thing, I’ve got four simple cybersecurity projects you can tackle during the holidays.
Can Security Awareness Lead to Peace on Earth?
4 minute read
If you’re craving peace of mind during this holiday season, why not look to the habits and mental models you develop when you’re cybersecure? Read what I mean.
The Anti-Tom’s Guide to Reckless Holiday Shopping
2 minute read
The Anti-Tom is up to his old tricks again, this time promoting his own take on holiday shopping. Read more if you dare.
A Security Awareness Nerd’s Safe Online Shopping Checklist
5 minute read
The online shopping season will be on us before you know it, and so will the scams. Here’s a checklist for shopping with cybersecurity in mind.
5 Lessons from a Month of Security Awareness Barnstorming
5 minute read
This Cybersecurity Awareness Month I’ve been around the country (virtually) spreading the good word about cybersecurity and how to communicate it to your employees. Here’s what I learned.
When a Documentary Is Also a Horror Movie: The Social Dilemma
7 minute read
Just in time for Halloween, I share my thoughts on the recent and surprisingly spooky Netflix documentary The Social Dilemma. Grab the popcorn.
Don’t Let Amazon Prime Day Become Scam Day
3 minute read
Excited for the buying extravaganza that is Amazon Prime Day Oct. 13-14? Online scammers are, too. Here’s how to shop securely.
What Security Awareness Has to Do with Democracy
3 minute read
Security training and awareness ultimately promotes the same skills necessary to make informed decisions as part of the democratic process. Here’s what I mean.
How to Show You Care (Virtually) During Cybersecurity Awareness Month
5 minute read
Prepping a presentation for Cybersecurity Awareness Month? Follow these tips for connecting with employees and upping engagement with cybersecurity.
3 Alternatives to Using Fear In Your Security Awareness Training
4 minute read
Fear can undermine your security training and awareness efforts and weaken your security culture. Learn about three alternatives to fear that can help create the behaviors and security culture you want.
Why Your Privacy Training Should Hit the Spirit, Not the Letter, of the Law
5 minute read
When it comes to creating privacy training, it’s better to follow the spirit, not the letter of the law. Read more for advice on doing just that.
Interview with an Awareness Nerd: Warren Avery’s IT Weekly Newsletter
4 minute read
I interview the man behind one of my favorite InfoSec reads: The IT Weekly Newsletter, put out by Warren Avery.
Engagement Is for Suckers: The Real Training Manifesto
3 minute read
While I was away on vacation for a spell, the “anti-Tom” snatched the opportunity to give an “alternative” point of view on engagement in training. It’s not pretty.
6 Ideas for Building Engagement Into Your Security Awareness Training
7 minute read
Learn how engagement built into training and awareness provides value and builds trust with employees and why it should be the goal of any training program.
Why You Should Strive for Engagement, Not Just Awareness
5 minute read
Learn how what engages you in your life can inspire you to go beyond awareness and truly engage employees with your security training and awareness efforts.
Summer Reading List for Training and Awareness Program Managers: Part 2
9 minute read
Some other book nerds at MediaPRO join in for Part 2 of our series and discuss three more books training and awareness managers should read this summer.
3 Things to Do Before You Accept That LinkedIn Request (and 1 to Do After)
8 minute read
Everyone wants to be liked, and LinkedIn scammers know this. Follow these tips to avoid falling prey to phony LinkedIn connection requests.
Summer Reading List for Training and Awareness Program Managers: Part 1
8 minute read
Need some reading ideas for our stay-at-home summer this year? Here are three books training and awareness managers should dive into.
5 Questions Employees Should Ask About Workplace Contact Tracing
5 minute read
Contact tracing required to go back to work? Here are five questions employees should ask their employers about the health data that gets collected.
2 Cybersecurity Skills You Can Apply to Combat Racism
4 minute read
Can a few cybersecurity skills we likely already know be employed to fight racism and discrimination? I think so. Here’s why.
Patching: It’s Not Just for IT Anymore
4 minute read
Your IT team undoubtedly has your back, working from home or not, but patching your own machine’s software is one thing you can do to help them out.
Privacy and a Return to Normal Part 3: We Will Trust Because We Must
7 minute read
Universal contact tracing to combat the spread of COVID-19 will likely start on an employer-to-employee basis. Read why trust must be part of the equation.
The Annual, Breathless ‘What the DBIR Means for You’ Blog Post
3 minute read
Verizon’s annual Data Breach Investigations Report (DBIR) truly has something for everyone. Don’t take my word for it; dive in for yourself! If you can’t, read this brief roundup.
What the COVID ‘Normal’ and Your Email Inbox Have in Common
5 minute read
What have become everyday precautions against COVID-19 might seem similar to those taken while navigating your email inbox. Or at least they should. Let me explain.
What I Learned from My Own Unemployment Scam
6 minute read
After a scammer filed for unemployment in my name, I did some detective work to take back my account. Here’s what I learned from my own unemployment scam.
Privacy and a Return to Normal Part 2: Contact Tracing Apps Are Doomed
6 minute read
If returning to normal after the coronavirus pandemic means implementing contact tracing apps large-scale, trust will be a key factor. This might spell doom for them.
Learning the Hard Way: Zoom and the Public Face of Security and Privacy
6 minute read
The Zoom platform learned the hard way the importance of data privacy and security to consumers. We can all take some lessons from this experience.
The Perfect Pandemic Project: Set Up a Password Manager
3 minute read
Tired of baking and endlessly organizing all the nooks and crannies of your home during the pandemic? Take on a new project: Setting up a password manager.
Is a Return to Normal Worth Our Privacy? Part 1: Voluntary Health Tracking
7 minute read
Health tracking may raise tough questions on privacy as we work on returning to normal after the coronavirus pandemic.
Phishing Paranoia Doesn’t Fall Far from the Tree: A True Story
2 minute read
The lessons promoted in the security training and awareness world can show up in surprising places in your personal life. Exhibit A: This true story.
6 Things the Coronavirus Can Teach About Security Training and Awareness
8 minute read
Even hard times can be learning experiences. Here are six lessons training and awareness managers can take from the coronavirus pandemic.
When 'Use a VPN' Becomes 'Stranger Danger'
2 minute read
When situations change, your advice should change too. Here’s how my advice on VPN use changed when the world started working from home.
Building a Privacy Culture for GDPR, CCPA and Beyond
6 minute read
Building an organizational privacy culture will require executive messaging, training, and ongoing communications. Here are some tips for getting there.
The Time Is Now for Privacy Officers to Build Privacy Cultures in Our Organizations
5 minute read
The increased focus on data privacy rights means now is the time for privacy officers to focus on creating organizational privacy cultures. Here’s why.
8 Tips for Building a Security Culture
10 minute read
Achieving a security culture through security awareness training is far from easy, but here are eight tips to put you on the path.
It’s Time to Combine Security and Privacy Awareness Training
8 minute read
Can the seemingly disparate disciplines of security and privacy awareness training find something in common? Read my take on this topic.