Advanced Persistent Training: Take Your Security Awareness Program to the Next Level 1st ed. Edition

Schroeder writes with keen insight into, among other things, the learning process and (security) culture mechanics, and provides a refreshing amount of actually useful tips on how to plan, implement and/or improve your security awareness program - not a given when it comes to the majority of existing literature on the topic. Difficult subject-matter is presented in a clear and easy to understand way (even for a non-native English speaker), and most chapters include several "question boxes" that stops you in the track to ponder how the various points apply to you in your own organizational context.I can definitively see myself returning to this book again and again when trying to mature our Security Awareness program, to deal with specific challenges or "difficult" audiences, or simply to reignite the creative spark when the program is starting to feel stale.If anything, the author should consider elaborating a bit more on specific topics and expanding the chapters somewhat - the chapter on e.g. Metrics is sadly too short and general - and maybe even throw in an extra appendix with checklists and planning tools that will help the reader apply the lessons learned. But maybe that's something for the sequel?

I work on the physical security side and bought this book among a few other security awareness books. It's quick to read but still covers all high level elements of effective security awareness programs. A great read especially for the typical subject matter expert that would like to better understand why certain efforts work and others don't.What I specifically liked was how the author half way through the book changed his writing style, from a very factual, almost scientific one to a more direct, friendly and easy to read copy. The book instantly becomes easier to read. A great lesson learned to remember when designing our own programs...

Advanced Persistent Training is a strategic, yet direct, concise and pragmatic approach to incrementally maturing your organization's security posture and reducing the attack surface at your layer 8, the users. This book starts off with exploring the common challenges IT and IS teams face with providing traditional security awareness training and why they are not effective. Jordan walks the reader through his methodology for delivering effective security awareness programs by changing typical user bad habits through easy to digest delivery, integrating feedback loops, positive reinforcement and incentivized compliance.If you are an IT security professional mandated with increasing policy compliance and reducing the risks of your user base, this is your pocket playbook for implementing a security awareness training program that actually works.

Jordan Schroeder's Advanced Persistent Training remains a breakthrough guide on how security trainers and Awareness professionals can effectively teach new behavior while helping users to `unlearn' old bad habits that prevent good security practices. Since it's people who serve as a firm's first (and often the last) line of defense, using Schroeder's easy-to-implement hints and tricks, you'll find a more practical and cogent way to affect how people learn and behave in ways that improve their self-worth while improving information security practices throughout the organization. Schroeder's guide is useful for any type of security awareness, be it a topical intervention or an entire curriculum of training, like software security. Highly recommended!- Mark Merkow, CISSP, CISM, CSSLP, Information Security Architect, Author, and Educator