Re: KnowBe4 Security & Awareness Training Feedback

[Chad Tracy <ctracy () BATES EDU>]

Jim,

Are you using their hosted solution or are you using the SANS product by
way of your LMS? Thanks!

Chad

On Fri, Mar 29, 2019 at 10:15 AM Pardonek, Jim <jpardonek () luc edu> wrote:

> We are looking at KnowBe4 and SecurityIQ to replace our current deployment
> from SANS.  The SANS training is satisfactory but we have had a myriad of
> administrative issues with their product.  I agree that the KnowBe4 content
> is a bit generic as is SecurityIQ, and SecurityIQ has more customization
> ability so we are leaning towards them.
>
>
>
> Jim
>
>
>
> *James Pardonek, MS, CISSP, CEH, GSNA*
>
> *Information Security Officer*
>
>
> * Loyola University Chicago  1032 W. Sheridan Road | Chicago, IL  60660 *
> * (**: (773) 508-6086*
>
>
>
> *Loyola University Chicago will never ask you for your username or
> password.*
>
> *For the lastest information security news at Loyola, please follow us
> online,*
>
> *Twitter: @LUCUISO*
>
> *Facebook: https://www.facebook.com/lucuiso/
> <https://www.facebook.com/lucuiso/>*
>
> *Our Blog http://blogs.luc.edu/uiso/ <http://blogs.luc.edu/uiso/>*
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Neal O'Farrell
> *Sent:* Friday, March 29, 2019 8:31 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] KnowBe4 Security & Awareness Training Feedback
>
>
>
> I'm not in higher education but know KnowBe4 for years and while their
> products are highly regarded, they are also highly generic. Which usually
> ends up diluting their effectiveness.
>
>
>
> I think there's a good opportunity for an immersive awareness program
> specifically tailored for the needs, challenges, and audiences of higher ed.
>
>
>
> A good start might be for people to chime in with what they feel they need
> or are missing, and that current solutions don't provide. You can't fill
> the gaps until you identify them.
>
>
>
> Neal.
>
>
>
> Neal O'Farrell
>
> Schooled In Security
>
> www.schooledinsecurity.org
>
> neal () schooledinsecurity org
>
> (925) 914 0248 (EST)
>
>
>
> When we say "next generation security," we really mean it!
>
>
>
>
> On Fri, Mar 29, 2019 at 9:15 AM Frank Barton <bartonf () husson edu> wrote:
>
> Jason, I would say that KnowBe4Suffers from the same industry problem -
> they do try to make the content industry-agnostic (and to be honest, while
> I'm not on the content side, I would like to see the ability for some
> customization to make things more "us")
>
>
>
> As to the "bending the truth", I'm not sure I would go that far. There are
> some nuances that I think are missed, or things that might be a bit
> 'over-generalized' (which leads to the industry-agnostification). Getting
> the balance right between "good - engaging content" and "technical
> precision" in a field that is very rapidly changing can be very difficult.
> on the whole, I think KnowBe4 gets the balance just about right, and tries
> to make their content accessible to everyone, no matter the technical skill
> level
>
>
>
> We just pushed out our annual Security Awareness Training, and I would say
> that the content was just about "high average" with a focus on social
> engineering.
>
>
>
> Education is somewhat of an 'odd duck' when it comes to some of the ITSEC
> problems that the industry sees. I wonder if maybe EDUCause should work on
> creating either training content, or (as in a Logical OR) a training
> platform to provide and track training that can be focused to the
> challenges that we face in Higher Ed (Lets face it... how many other
> businesses need to worry about SmartTVs, XBoxen, and the whole alphabet
> soup of compliance every day in addition to having their customers living
> on site?)
>
>
>
>
>
>
>
> On Fri, Mar 29, 2019 at 8:57 AM Jason Fried <friedj () sunysuffolk edu>
> wrote:
>
> Good morning,
>
>
>
> Common feedback – especially from faculty – for our current product is
> that this is obviously not built for higher ed, but is more
> industry-agnostic. Would those who have or will responded about KnowBe4
> provide their thoughts on that, along with that ‘bending of the truth’?
> Many thanks…
>
>
>
> Regards,
>
>
>
> Jay
>
> --
>
> Jason Fried
>
> Information Security Officer
>
> Information Technology Services
>
> Suffolk County Community College
>
> O: 631.451.4291 / M: 631.897.6064
>
> @SuffolkITS
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Frank Barton
> *Sent:* Friday, March 29, 2019 8:50 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] KnowBe4 Security & Awareness Training Feedback
>
>
>
> Joshua,
>
>  Another "Hello from up in Maine" We are using KnowBe4 for both their
> Phishing and user education. We have bee happy with it, both from an
> overall content perspective as well as from a management perspective.
>
>
>
> I will echo what Chad said. sometimes there are some "degrees" of truth
> that might be lost, but overall I have been happy with the content.
>
>
>
> Frank
>
>
>
> On Fri, Mar 29, 2019 at 6:30 AM Chad Tracy <ctracy () bates edu> wrote:
>
> Joshua,
>
>
>
> Hello from up in Maine. Nice to see the weather finally getting better up
> here. I PoC'd KnowBe4 a couple years back... in short, it came down to
> price. I had used Knowbe4 for our Phishing platform, which I loved... very
> easy to use and their support was very easy to work with and they were
> always immediately available. The ISAT was very well presented but I had
> issues with the content - meaning that I took a few of the training modules
> and completed the quizzes for each module and I actually got many of them
> wrong... What I know to be true with regard to security and what they know
> to be true... well, we have varying truths...lol. I felt that if I had
> heartburn over the content than I was sure to have a ton of feedback from
> the community.
>
>
>
> For what it's worth, I know of one other institution that is moving away
> from Knowbe4 and back to SANS STH.
>
>
>
> **You heading to the Educause Security Conference this year?
>
>
>
> Best,
>
>
>
> Chad
>
>
>
> On Thu, Mar 28, 2019 at 4:19 PM Gomez, Joshua <J.Gomez () snhu edu> wrote:
>
> Hey There,
>
>
>
> Are any other Universities currently a customer of KnowBe4?  We are
> currently considering them for our ISAT content provider but wanted to get
> feedback from an actual customer in Higher Ed. If you feel more comfortable
> messaging me directly, I can be reached at j.gomez () snhu edu.
>
>
>
> Thanks In advance!
>
>
>
>
>
> *Joshua Gomez* | *Consultant, Information Security*
>
> Information Technology Solutions
>
>
>
> [image: SNHU horizontal logo]
>
>
>
>
>
>
>
>
> --
>
> Chad Tracy
>
> Director of Information Security, Policy and Compliance
>
> Bates College
>
> 207 786-6491
>
>
>
>
> --
>
> Frank Barton, MBA
>
> Security+, ACMT, MCP
>
> IT Systems Administrator
>
> Husson University
>
>
>
>
> --
>
> Frank Barton, MBA
>
> Security+, ACMT, MCP
>
> IT Systems Administrator
>
> Husson University

-- 
Chad Tracy
Director of Information Security, Policy and Compliance
Bates College
207 786-6491