Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Expanding the blue team by building a security culture program

Masha Sedova (Salesforce)
16:45–17:25 Thursday, 10 November, 2016
Location: G104/105
Average rating: ****.
(4.67, 3 ratings)

What you'll learn

  • Explore Salesforce's multistep approach to increase the reporting of suspicious activity and the measurable impact it has had in helping keep Salesforce’s employees and customers secure


Often, attackers only need one employee to fall for an attack to gain a foothold in an organization. Defenders, on the other hand, have to continuously catch all attacks to keep an organization secure. In 2012, Masha Sedova began a new approach to Salesforce’s security awareness program aimed at increasing the difficulty of a successful attack on employees. The goal was not only to educate the company’s employees about security but also to make them invested in their part of securing the company by reporting suspicious activity.

Masha shares the steps she’s taken to increase the reporting of suspicious activity by her employees and explores the measurable impact it has had in helping keep Salesforce’s employees and customers secure. After a multistep approach using rewards and positive feedback, the company continues to see increasingly promising results on detecting simulated and real phishing emails and defending against red team exercises.

Photo of Masha Sedova

Masha Sedova


Masha Sedova is the senior director of Trust Engagement at Salesforce, where her team drives a secure mindset among all employees using user security behavior testing and data analytics paired with elements of gamification and positive psychology. The scope of Masha’s work runs the gambit from general awareness of phishing and reporting activity to secure engineering practices by developers and engineers. She and her team have built security simulations, company-wide competitions, and custom lab environments to drive effective learning of vital security behaviors. Her efforts have culminated in a security program that is altering the way Salesforce’s employees, customers, partners, and large corporations approach security. Previously, Masha was the principal founder of Dymera Strategies Consulting, where she conducted social engineering and security awareness training for international companies and government agencies based on tools, techniques, and methods of prominent cyberwarfare actors. Masha has also worked for Northrop Grumman and BAE Systems as a cyberthreat researcher.