User awareness is a part of most Information Security programs either out of good sense or regulatory requirement. Researchers have surveyed the administrators of these training programs and have gotten mixed results. This presentation will challenge the status quo of web based training to the lowest common denominator with concepts of risk based user awareness and training incentives. Attendees will be challenged to transform their security program from the office of “no” to the office of “know”. What Attendees Will Learn in This Session. Review the latest research in security awareness training results. Why current security training is ineffective as a security control. Alternative solutions such as incentives and risk based security training From Blue To Red - What Matters and What (Really) Doesn't Jason Lang Attention Blue Team! Have you ever been curious about making the jump to penetration testing? Wonder if you have what it takes to do so? Come hear tales of hilarity and woe from an enterprise defender recently turned to the dark side (professionally :-). You will not only learn critical steps to take and pitfalls to avoid, but also what enterprise controls are a must, and which ones really don't matter....at all.