惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
Google DeepMind News
Google DeepMind News
罗磊的独立博客
Martin Fowler
Martin Fowler
博客园_首页
Stack Overflow Blog
Stack Overflow Blog
Last Week in AI
Last Week in AI
The GitHub Blog
The GitHub Blog
B
Blog
C
Check Point Blog
WordPress大学
WordPress大学
G
Google Developers Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
量子位
月光博客
月光博客
U
Unit 42
Engineering at Meta
Engineering at Meta
有赞技术团队
有赞技术团队
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
大猫的无限游戏
大猫的无限游戏
博客园 - 聂微东
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Y
Y Combinator Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Vercel News
Vercel News
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - 【当耐特】
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Jina AI
Jina AI
S
Secure Thoughts
aimingoo的专栏
aimingoo的专栏
D
Darknet – Hacking Tools, Hacker News & Cyber Security
I
Intezer
Latest news
Latest news
V
Vulnerabilities – Threatpost
D
Docker
Attack and Defense Labs
Attack and Defense Labs
Help Net Security
Help Net Security
S
Security @ Cisco Blogs
Forbes - Security
Forbes - Security
MongoDB | Blog
MongoDB | Blog
云风的 BLOG
云风的 BLOG
L
LINUX DO - 热门话题
P
Palo Alto Networks Blog
Cloudbric
Cloudbric
Spread Privacy
Spread Privacy

Okta Security RSS Feed

OpenSSL HollowByte: A DoS Hiding in 11 Bytes Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Okta Pooled Security Audits: a One-Year Retrospective Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Paving the Path: Pooled Audits with Okta Security Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Enhancing Customer Trust Through a Comprehensive Audit Program Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 CSO Conversations: Matthew Hansen, Regional CSO of Americas West Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment CSO Conversations: Keiko Itakura, Regional CSO of Japan How Okta Embraces Identity Verification Using Persona CSO Conversations: Matt Immler, Regional CSO of Americas East Raising the Bar for our Industry with IPSIE Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Defensive Domain Registration is a Mug’s Game Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
Security Education Through the Art of Storytelling
Ann Wallace · 2024-09-05 · via Okta Security RSS Feed

In today's digital world, cybersecurity isn't just a technical issue, it's a human one. At Okta, we've taken a fresh approach to security education by leveraging a tool as old as humanity itself - storytelling. We aim to make security education effective, engaging, and memorable by weaving narratives into our training sessions.

What is Storytelling?

Storytelling is more than just a method of communication; it is a profound way to connect with people, share experiences, and influence thoughts and emotions. As Jimmy Neil Smith, Director of the International Storytelling Center, puts it: “We are all storytellers. We all live in a network of stories. There isn’t a stronger connection between people than storytelling.”

This connection is why storytelling is such a powerful tool in education. We aren't just relaying information when we tell a story - we create an emotional experience. This emotional investment helps people better remember the lessons long after the session is over.

The Elements of a Good Story

A compelling story has several key elements:

  1. Characters: Every story needs a hero and, often, a villain. In the context of cybersecurity, the hero could be the employee who spots a vulnerability during a code review. At the same time, the villain might be the adversary trying to breach the system.

  2. The Hero’s Journey: This is the narrative arc where the hero faces a challenge, overcomes obstacles, and emerges victorious (or learns a valuable lesson in defeat).

  3. Conflict and Resolution: At the core of any good story is conflict. It might be a breach attempt, a security flaw, or risky behavior that needs correcting. The resolution is how the characters (or the audience) learn to address and resolve these issues.

  4. Lessons Learned: What should the audience take away from the story? This could be practical advice, a change in perspective, or a call to action.

At Okta, we apply these elements to our security education by crafting relatable scenarios that resonate with our audience. We don’t just list the Open Source Foundation for Application Security (OWASP) Top 10 vulnerabilities; we tell the story of the "Okta Top 10” – the Top 10 vulnerabilities we see through code reviews and other methods. We weave in real-world examples and metaphors that bring these abstract concepts to life.

How to Tell a Story in Security Training

  1. Know Your Audience: Understanding your audience's background, expertise, and interests is crucial. At Okta, we avoid generic examples that don’t resonate with our employees. Instead, we use examples found in our codebase to make security concepts relatable.

  2. Pull Them in with Emotional Connections: Start with a relatable scenario. Use personal stories, show empathy for their challenges, and highlight how security issues impact them directly.

  3. Make Them Care: To drive the point home, it’s essential to illustrate the real-world consequences of security lapses. Show both the adverse outcomes of ignoring best practices and the positive results of adhering to them.

  4. Give Them Something to Remember: Whether it’s a humorous anecdote, a dramatic story arc, or a surprising twist, the goal is to leave the audience with a memorable takeaway. This helps reinforce the lessons learned and encourages better security practices.

Storytelling in Action at Okta

When I joined Okta, one of my first tasks was overhauling our secure code training. We decided to shift our focus from traditional lectures to storytelling, using elements from gaming, sci-fi, and fantasy to create a narrative that would resonate with our tech audience.

We created fictional characters, like "The Devs," representing our product development team members and placing them in scenarios that mimic real-world security challenges. These diverse characters and grounded-in-reality scenarios made them more relatable and effective in conveying the importance of security practices.

For instance, one of our training modules depicted a hacker attempting to infiltrate a secure area, like trying to gain unauthorized access to a club. Using this metaphor, we could visually demonstrate authentication issues and privilege escalation in an engaging and educational way.

Why Storytelling Works

Good stories surprise us, make us think and feel, and stick in our minds long after we've heard them. In cybersecurity training, this means our employees are more likely to remember the lessons we teach and apply them in their daily work.

We are continuously building on this approach, integrating storytelling deeper into our security culture, making our educational materials informative, and reflecting our unique culture at Okta.

By embracing storytelling, we transform our security training from a mundane task into a memorable experience that fosters a culture of security awareness throughout the organization.

Conclusion

Storytelling is a powerful tool in security education. It makes training more engaging, relatable, and memorable, helping employees not just learn about security best practices but also internalize them. At Okta, we have heard from our employees that they find the training relatable and enjoyable. We are also seeing a higher level of on-time completion rates than we did with previous trainings. We're committed to using storytelling to create a stronger security culture - one that empowers every team member to live our company value of Aways Secure, Always On.

Learn More

The Security Education team will present at Oktane on “Building a Robust Security Education Program” in October. 

For more on storytelling, please watch my keynote address at the CloudNative SecurityCon in July. I will also be leading two sessions on Security Education Through the Art of Storytelling at the EWF (Executive Women's Forum) Annual Conference on October 23, 2024.

Ann Wallace is the Director of Product Security Education at Okta. She shares her journey of transforming security education through the art of storytelling. Prior to Okta, Ann held security leadership roles at Google, Nike, and Shopify. She is also on the Board of Directors for WiCyS Oregon. Ann has spoken globally at conferences on Security Education, Women in Tech, and Cloud and Container Security. Ann can also be found trail running around the PNW with her dog Cedar.