“We have taken a different approach this year to increase the level of peer discussion by theming our groups around different subject matter areas and less on vertical markets,” explains Lance Spitzner, training director at SANS Securing The Human Program, “This is based on feedback from our last event and reflects the notion that security and awareness challenges transcend industries and the experience and insights gained by a manufacturer, industry regulator or financial services organisations are valuable across the board.”

The line-up for speakers includes representatives from the Bank of England, Lockheed Martin, University College London, Diageo and ENISA amongst 7 sessions and an extended networking luncheon and additional peer-networking breaks.

“The audience has also grown significantly,” says Spitzner, “Alongside Infosec professionals, our early registrations are showing delegates from compliance and audit, human resources and communications backgrounds who are increasingly tasked with information security awareness and policy management roles – the summit will allow these attendees to gain real insights from both academic experts and peers with similar roles.”

The hands-on- nature of many of the sessions is typified by John Haren, Head of Information Security Governance, Risk & Compliance for Diageo. With 16 years within the company across a variety of roles and the last 4 spent with the information security area, John will discuss the ongoing work to create a network of “security champions” across one of the world’s largest drinks companies.

“I feel this is an important topic because budgets are continually being squeezed and central Information Security teams, particularly in global organisations, have fewer resources (both people and financial) as a result,” says Haren, “It is vital that we use extended teams to help get our critical messages out there – and we can do this because there is a pull from those teams both to help their own parts of the business and their colleagues but also from interested individuals who find Information Security fascinating.”

The one-day summit follows the two-day training course, SANS MGT433 Program taught by Spitzner, “To reduce human risk you need to change peoples’ behaviours, and to change peoples’ behaviour you need a well-planned, high-impact security awareness programme. Far too often organisations have a security awareness programme, but the programme is immature, designed only for compliance purposes to meet a certain standard. To truly change human behaviour, you need a mature security awareness programme that has the support of your management and answers the key questions of who, what and how,” Spitzner adds.