Security Briefing - OWASP
* Discuss the OWASP Top 10 -> https://owasp.org/www-project-top-ten/
* How to remediate? Training, peer-review, Veracode

Security Briefing - Social Engineering
* Introduction to Social Engineering
* What happens
* Maybe introduce the Darknet Diaries podcast

Security Briefing - Paying to be hacked
* Pro-active steps
* Penetration testing - red teamers/ blue teamers
* Bug Bounties

Security Briefing - the evolution of the password
* The changing face of passwords
* Introduce https://haveibeenpwned.com/
* Talk about different storage/ encryption types - their evolution
* Responsibility of the data holder to keep up
* Does Quantum change all this?
* Multi-factor. Passwordless
* Discuss the "treat your password like your underpants" idea - and why this produces poor behaviors

Security Briefing - Where to start
* Lots of advice and guidance out there, but where to start
* Top x things to get started:
  * Patching/ latest software
  * No shared credentials - traceability and separation of duties
  * Single Sign On - user management/ basic hygiene
  * Periodic solutions review (gamedays - #47)
* Training, training, training

Security Briefing - Intro to cyber security
* Why cyber security is important
* Discuss different groups - script kiddies, disgruntled employees, professional individuals/ groups, nation states.
* Look at costs (GDPR, ICO, etc). Possibly look at cyber insurance
* How much is enough (spend)? Should always be more
* Maybe add about the change from Microsoft

The need for speed
* Probably focused on websites (although may talk about other software types); why the speed of the site is important - both for B2C & B2B.
* Talk about drop off rates and effects on SEO
* Maybe introduce the idea of CDN/ Caching
* Also warn about over optimisation