October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Users cannot change on phish alone: Building simulations for your targeted behaviors

11:20am–12:00pm Tuesday, 11/01/2016
The human element
Location: Grand Ballroom West Level: Intermediate
Average rating: ***..
(3.33, 3 ratings)

Prerequisite knowledge

  • A basic understanding of security awareness and education programs, including components, goals, and common structure

What you'll learn

  • Learn a framework for conducting human security simulations for your own organizations


The ideal security awareness and education program is comprised of training, education, and content in the pursuit of behavior modification. As this behavior change is paramount, why do so many programs rely only on phishing simulations to test and train users? Samantha Davison explores how to identify key behaviors and apply simulations in a structured way to continuously test and train your users beyond the phish.

Topics include:

  • Learning theory: How humans learn and the power of the simulation
  • Security behaviors: How to identify your key behaviors and case study
  • Security simulations: Phishing, authentication, cloud storage, physical security, vulnerable code, crisis, and role-based (customer support, executives)
  • Testing: Baselining, frequency, and what you should do with this data
  • Application: Examining your org for tools and simulation open source toolbox
Photo of Samantha Manke

Samantha Manke


Samantha Davison was recently the security awareness and education program manager at Uber, where she lead the development of security awareness for employees in over 350 cities globally. Before Uber, Samantha codesigned and implemented highly acclaimed security awareness programs at Fortune 500 companies. She presents at conferences around the world, as well as leading roundtable discussions for security professionals on security awareness, and has been featured in several major security industry publications. Samantha holds a master’s degree in security technologies, where, as part of her academic research, she conducted an extensive comparison of security awareness programs, determining critical success factors in the effectiveness of the programs.