Sascha Giese, Technical Evangelist at SolarWinds, explains their Cybersecurity Awareness Month initiatives, which include gamified training, real-world simulations, and ongoing advisories, creating a proactive security culture for employees and customers.
Why is Cybersecurity Awareness Month important for SolarWinds, and how do you view its impact on the cybersecurity landscape?
Cybersecurity Awareness Month is an excellent reminder for all organizations that effective cybersecurity requires a holistic approach. At SolarWinds, we focus on educating our teams on cybersecurity best practices. We try to make our training and education sessions fun and relevant to our employees’ workflows.
What initiatives or programs does SolarWinds launch to celebrate and promote Cybersecurity Awareness Month?
We take a layered approach to our cybersecurity training and culture. First, we gamify the training so it’s less mundane and more fun for our employees. We also send out regular email advisories to keep best practices at the forefront of each team member’s mind. In both instances, we leverage real-world examples. Our ultimate goal is for team members to use what they learn personally and professionally.
How does SolarWinds engage with its customers and partners during Cybersecurity Awareness Month to enhance their understanding of cybersecurity threats?
Social media is a powerful touchpoint for us and our customers. During Cybersecurity Awareness Month, we leverage social media to share photos and quick summaries so our customers can see what we’re doing during the month and how seriously we take cybersecurity as we develop our products and services.
Are there any specific campaigns or training modules introduced by SolarWinds to educate users on emerging cyber threats during this month?
We use Microsoft’s attack simulator to generate different scenarios that mirror what we see in the real world. For example, we’ll create mock emails that simulate a business email compromise attack. To make it as real as possible, we don’t give prior notice outside of a small group of people. This allows our security team to gauge who’s been paying attention in training and using best practices.
What are some key themes or focus areas SolarWinds emphasizes during Cybersecurity Awareness Month, and how do they align with the company’s overall cybersecurity strategy?
We try to focus on the most common threats our employees will face, including business email compromise and phishing attacks. Through our email advisories, attack simulations, and other training, we’re able to prepare our employees. This aligns with our company’s strategy that cybersecurity is a team sport, requiring everyone, at all parts of the organization, to participate.
Can you share any examples of successful awareness programs SolarWinds has implemented during past Cybersecurity Awareness Months?
We believe each of our initiatives — our regular email advisories, attack simulations, quarterly newsletters, in-person/virtual meetings with staff — have been successful. We’ve seen real growth in our cybersecurity culture, and we’ve been impressed in how our teams are adapting to new threats across the cybersecurity landscape.
How does SolarWinds measure the effectiveness of its initiatives during Cybersecurity Awareness Month?
We gauge who’s been paying attention during training through the attack simulations. With the attack simulation software, we’re able to generate reports outlining who clicked on the faux phishing emails, who opened links, and who shared emails. This allows us to generate new points of focus as we develop our training materials.
Does SolarWinds collaborate with any industry partners or cybersecurity organizations to amplify its message during this month?
Yes, we partner with Cisco, Palo Alto Networks, and Rapid7 to acquire analysts’ research about the latest threat intelligence landscape. This allows us to make our attack simulations as realistic as possible.
What are SolarWinds’ plans to continue promoting cybersecurity awareness beyond just the designated month?
Even after our attack simulations are done, we send out quarterly cyber security newsletters and regular email advisories and keep our virtual doors open to teams if they have any questions. We’re also constantly, in real time, monitoring the cybersecurity landscape to ensure new attack trends don’t catch us by surprise.