
Confessions of an Awareness Nerd

A blog providing insights and tips into the ways people learn about cybersecurity and privacy


I’m Tom Pendergast, and I’m the Chief Learning Officer at MediaPRO.

I believe that every person cares about protecting their data; they just don’t know it yet. That’s why I write this blog and why I’ve spent my career at the intersection of education, training, culture, cybersecurity, and privacy.

I’ll use this space to write about how people, organizations, and cultures learn about cybersecurity and privacy.

Follow along if you’re interested in any of these topics:

  • How people learn about information security and privacy
  • Large-scale ramifications of people’s understanding of data privacy in greater depth
  • Social, political, and cultural impacts of privacy and security regulation, law, and policy

 

6 Questions About the CPRA, Answered

6 minute read

California just passed the California Privacy Rights Act (CPRA). I answer some simple questions about the law, why it matters, and why it likely won’t be the last word we hear on U.S. privacy laws. 

Read More

Can Security Awareness Lead to Peace on Earth?

4 minute read

If you’re craving peace of mind during this holiday season, why not look to the habits and mental models you develop when you’re cybersecure? Read what I mean.

Read Article

The Anti-Tom’s Guide to Reckless Holiday Shopping

2 minute read

The Anti-Tom is up to his old tricks again, this time promoting his own take on holiday shopping. Read more if you dare.

"Learn" More

A Security Awareness Nerd’s Safe Online Shopping Checklist

5 minute read

The online shopping season will be on us before you know it, and so will the scams. Here’s a checklist for shopping with cybersecurity in mind.

Read the Checklist

5 Lessons from a Month of Security Awareness Barnstorming

5 minute read

This Cybersecurity Awareness Month I’ve been around the country (virtually) spreading the good word about cybersecurity and how to communicate it to your employees. Here’s what I learned.

Learn More

When a Documentary Is Also a Horror Movie: The Social Dilemma

7 minute read

Just in time for Halloween, I share my thoughts on the recent and surprisingly spooky Netflix documentary The Social Dilemma. Grab the popcorn.

Read If You Dare

Don’t Let Amazon Prime Day Become Scam Day

3 minute read

Excited for the buying extravaganza that is Amazon Prime Day Oct. 13-14? Online scammers are, too. Here’s how to shop securely.

Read Article

What Security Awareness Has to Do with Democracy

3 minute read

Security training and awareness ultimately promote the same skills necessary to make informed decisions as part of the democratic process. Here’s what I mean.

Read More

How to Show You Care (Virtually) During Cybersecurity Awareness Month

5 minute read

Prepping a presentation for Cybersecurity Awareness Month? Follow these tips for connecting with employees and upping engagement with cybersecurity.

Learn More

3 Alternatives to Using Fear In Your Security Awareness Training

4 minute read

Fear can undermine your security training and awareness efforts and weaken your security culture. Learn about three alternatives to fear that can help create the behaviors and security culture you want.

Read More

Why Your Privacy Training Should Hit the Spirit, Not the Letter, of the Law

5 minute read

When it comes to creating privacy training, it’s better to follow the spirit, not the letter of the law. Read more for advice on doing just that.

Learn More

Interview with an Awareness Nerd: Warren Avery’s IT Weekly Newsletter

4 minute read

I interview the mind behind one of my favorite InfoSec reads: The IT Weekly Newsletter, put out by Warren Avery.

Read the Interview

Engagement Is for Suckers: The Real Training Manifesto

3 minute read

While I was away on vacation for a spell, the “anti-Tom” snatched the opportunity to give an “alternative” point of view on engagement in training. It’s not pretty.

Read If You Dare

6 Ideas for Building Engagement Into Your Security Awareness Training

7 minute read

Learn how engagement built into training and awareness provides value and builds trust with employees and why it should be the goal of any training program.

Read More

Why You Should Strive for Engagement, Not Just Awareness

5 minute read

Learn how what engages you in your life can inspire you to go beyond awareness and truly engage employees with your security training and awareness efforts.

Learn More

Summer Reading List for Training and Awareness Program Managers: Part 2

9 minute read

Some other book nerds at MediaPRO join in for Part 2 of our series and discuss three more books training and awareness managers should read this summer.

Get Started

3 Things to Do Before You Accept That LinkedIn Request (and 1 to Do After)

8 minute read

Everyone wants to be liked, and LinkedIn scammers know this. Follow these tips to avoid falling prey to phony LinkedIn connection requests.

Read More

Summer Reading List for Training and Awareness Program Managers: Part 1

8 minute read

Need some reading ideas for our stay-at-home summer this year? Here are three books training and awareness managers should dive into.

Dive In

5 Questions Employees Should Ask About Workplace Contact Tracing

5 minute read

Contact tracing required to go back to work? Here are five questions employees should ask their employers about the health data that gets collected.

Learn More

2 Cybersecurity Skills You Can Apply to Combat Racism

4 minute read

Can a few cybersecurity skills we likely already know be employed to fight racism and discrimination? I think so. Here’s why.

Read More

Patching: It’s Not Just for IT Anymore

4 minute read

Your IT team undoubtedly has your back, working from home or not, but patching your own machine’s software is one thing you can do to help them out.

Learn More

Privacy and a Return to Normal Part 3: We Will Trust Because We Must

7 minute read

Universal contact tracing to combat the spread of COVID-19 will likely start on an employer-to-employee basis. Read why trust must be part of the equation.

Read More

The Annual, Breathless ‘What the DBIR Means for You’ Blog Post

3 minute read

Verizon’s annual Data Breach Investigations Report (DBIR) truly has something for everyone. Don’t take my word for it; dive in for yourself! If you can’t, read this brief roundup.

Read More

What the COVID ‘Normal’ and Your Email Inbox Have in Common

5 minute read

What have become everyday precautions against COVID-19 might seem similar to those taken while navigating your email inbox. Or at least they should. Let me explain.

Learn More

What I Learned from My Own Unemployment Scam

6 minute read

After a scammer filed for unemployment in my name, I did some detective work to take back my account. Here’s what I learned from my own unemployment scam.

Read the Story

Privacy and a Return to Normal Part 2: Contact Tracing Apps Are Doomed

6 minute read

If returning to normal after the coronavirus pandemic means implementing contact tracing apps large-scale, trust will be a key factor. This might spell doom for them.

Read Why

Learning the Hard Way: Zoom and the Public Face of Security and Privacy

6 minute read

The Zoom platform learned the hard way the importance of data privacy and security to consumers. We can all take some lessons from this experience.

Read More

The Perfect Pandemic Project: Set Up a Password Manager

3 minute read

Tired of baking and endlessly organizing all the nooks and crannies of your home during the pandemic? Take on a new project: Setting up a password manager.

Learn More

Is a Return to Normal Worth Our Privacy? Part 1: Voluntary Health Tracking

7 minute read

Health tracking may raise tough questions on privacy as we work on returning to normal after the coronavirus pandemic.

Learn More

Phishing Paranoia Doesn’t Fall Far from the Tree: A True Story

2 minute read

The lessons promoted in the security training and awareness world can show up in surprising places in your personal life. Exhibit A: This true story.

Read the Story

6 Things the Coronavirus Can Teach About Security Training and Awareness

8 minute read

Even hard times can be learning experiences. Here are six lessons training and awareness managers can take from the coronavirus pandemic.

Read More

When 'Use a VPN' Becomes 'Stranger Danger'

2 minute read

When situations change, your advice should change too. Here’s how my advice on VPN use changed when the world started working from home.

Read More

Building a Privacy Culture for GDPR, CCPA and Beyond

6 minute read

Building an organizational privacy culture will require executive messaging, training, and ongoing communications. Here are some tips for getting there.

Learn More

The Time Is Now for Privacy Officers to Build Privacy Cultures in Our Organizations

5 minute read

The increased focus on data privacy rights means now is the time for privacy officers to focus on creating organizational privacy cultures. Here’s why.

Read More

8 Tips for Building a Security Culture

10 minute read

Achieving a security culture through security awareness training is far from easy, but here are eight tips to put you on the path.

Learn More

It’s Time to Combine Security and Privacy Awareness Training

8 minute read

Can the seemingly disparate disciplines of security and privacy awareness training find something in common? Read my take on this topic.

Read My Take