Educause Security Discussion mailing list archives
Re: KnowBe4 Security & Awareness Training Feedback
From: "Pardonek, Jim" <jpardonek () LUC EDU>
Date: Fri, 29 Mar 2019 14:59:34 +0000
Hi Chad, We started out with using it on our LMS but unfortunately, there were some restrictions on how our LMS is implemented that made the end user experience a bit cumbersome. The following year we moved to their hosted solution. It started out promising but we began to have issues with user imports wiping out prior group assignments, reminders that were sent to staff that had already completed their curriculum, which forced us to send the reminders manually which was a ton of administrative overhead. They fixed the issue but we were then forced to use their minimum grade and were not able to use some of the “delighters” like completion certificates when training was complete. If you need more info/detail, let me know and we can take it off-list. Thanks, James Pardonek, MS, CISSP, CEH, GSNA Information Security Officer Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL 60660 •: (773) 508-6086 Loyola University Chicago will never ask you for your username or password. For the lastest information security news at Loyola, please follow us online, Twitter: @LUCUISO Facebook: https://www.facebook.com/lucuiso/ Our Blog http://blogs.luc.edu/uiso/ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Chad Tracy Sent: Friday, March 29, 2019 9:22 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] KnowBe4 Security & Awareness Training Feedback Jim, Are you using their hosted solution or are you using the SANS product by way of your LMS? Thanks! Chad On Fri, Mar 29, 2019 at 10:15 AM Pardonek, Jim <jpardonek () luc edu<mailto:jpardonek () luc edu>> wrote: We are looking at KnowBe4 and SecurityIQ to replace our current deployment from SANS. The SANS training is satisfactory but we have had a myriad of administrative issues with their product. I agree that the KnowBe4 content is a bit generic as is SecurityIQ, and SecurityIQ has more customization ability so we are leaning towards them. Jim James Pardonek, MS, CISSP, CEH, GSNA Information Security Officer Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL 60660 •: (773) 508-6086 Loyola University Chicago will never ask you for your username or password. For the lastest information security news at Loyola, please follow us online, Twitter: @LUCUISO Facebook: https://www.facebook.com/lucuiso/ Our Blog http://blogs.luc.edu/uiso/ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Neal O'Farrell Sent: Friday, March 29, 2019 8:31 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] KnowBe4 Security & Awareness Training Feedback I'm not in higher education but know KnowBe4 for years and while their products are highly regarded, they are also highly generic. Which usually ends up diluting their effectiveness. I think there's a good opportunity for an immersive awareness program specifically tailored for the needs, challenges, and audiences of higher ed. A good start might be for people to chime in with what they feel they need or are missing, and that current solutions don't provide. You can't fill the gaps until you identify them. Neal. Neal O'Farrell Schooled In Security www.schooledinsecurity.org<http://www.schooledinsecurity.org> neal () schooledinsecurity org<mailto:neal () schooledinsecurity org> (925) 914 0248 (EST) When we say "next generation security," we really mean it! On Fri, Mar 29, 2019 at 9:15 AM Frank Barton <bartonf () husson edu<mailto:bartonf () husson edu>> wrote: Jason, I would say that KnowBe4Suffers from the same industry problem - they do try to make the content industry-agnostic (and to be honest, while I'm not on the content side, I would like to see the ability for some customization to make things more "us") As to the "bending the truth", I'm not sure I would go that far. There are some nuances that I think are missed, or things that might be a bit 'over-generalized' (which leads to the industry-agnostification). Getting the balance right between "good - engaging content" and "technical precision" in a field that is very rapidly changing can be very difficult. on the whole, I think KnowBe4 gets the balance just about right, and tries to make their content accessible to everyone, no matter the technical skill level We just pushed out our annual Security Awareness Training, and I would say that the content was just about "high average" with a focus on social engineering. Education is somewhat of an 'odd duck' when it comes to some of the ITSEC problems that the industry sees. I wonder if maybe EDUCause should work on creating either training content, or (as in a Logical OR) a training platform to provide and track training that can be focused to the challenges that we face in Higher Ed (Lets face it... how many other businesses need to worry about SmartTVs, XBoxen, and the whole alphabet soup of compliance every day in addition to having their customers living on site?) On Fri, Mar 29, 2019 at 8:57 AM Jason Fried <friedj () sunysuffolk edu<mailto:friedj () sunysuffolk edu>> wrote: Good morning, Common feedback – especially from faculty – for our current product is that this is obviously not built for higher ed, but is more industry-agnostic. Would those who have or will responded about KnowBe4 provide their thoughts on that, along with that ‘bending of the truth’? Many thanks… Regards, Jay -- Jason Fried Information Security Officer Information Technology Services Suffolk County Community College O: 631.451.4291 / M: 631.897.6064 @SuffolkITS From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Frank Barton Sent: Friday, March 29, 2019 8:50 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] KnowBe4 Security & Awareness Training Feedback Joshua, Another "Hello from up in Maine" We are using KnowBe4 for both their Phishing and user education. We have bee happy with it, both from an overall content perspective as well as from a management perspective. I will echo what Chad said. sometimes there are some "degrees" of truth that might be lost, but overall I have been happy with the content. Frank On Fri, Mar 29, 2019 at 6:30 AM Chad Tracy <ctracy () bates edu<mailto:ctracy () bates edu>> wrote: Joshua, Hello from up in Maine. Nice to see the weather finally getting better up here. I PoC'd KnowBe4 a couple years back... in short, it came down to price. I had used Knowbe4 for our Phishing platform, which I loved... very easy to use and their support was very easy to work with and they were always immediately available. The ISAT was very well presented but I had issues with the content - meaning that I took a few of the training modules and completed the quizzes for each module and I actually got many of them wrong... What I know to be true with regard to security and what they know to be true... well, we have varying truths...lol. I felt that if I had heartburn over the content than I was sure to have a ton of feedback from the community. For what it's worth, I know of one other institution that is moving away from Knowbe4 and back to SANS STH. **You heading to the Educause Security Conference this year? Best, Chad On Thu, Mar 28, 2019 at 4:19 PM Gomez, Joshua <J.Gomez () snhu edu<mailto:J.Gomez () snhu edu>> wrote: Hey There, Are any other Universities currently a customer of KnowBe4? We are currently considering them for our ISAT content provider but wanted to get feedback from an actual customer in Higher Ed. If you feel more comfortable messaging me directly, I can be reached at j.gomez () snhu edu<mailto:j.gomez () snhu edu>. Thanks In advance! Joshua Gomez | Consultant, Information Security Information Technology Solutions [SNHU horizontal logo] -- Chad Tracy Director of Information Security, Policy and Compliance Bates College 207 786-6491 -- Frank Barton, MBA Security+, ACMT, MCP IT Systems Administrator Husson University -- Frank Barton, MBA Security+, ACMT, MCP IT Systems Administrator Husson University -- Chad Tracy Director of Information Security, Policy and Compliance Bates College 207 786-6491
Current thread:
- KnowBe4 Security & Awareness Training Feedback Gomez, Joshua (Mar 28)
- Re: KnowBe4 Security & Awareness Training Feedback Chad Tracy (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Frank Barton (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Jason Fried (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Frank Barton (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Neal O'Farrell (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Pardonek, Jim (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Chad Tracy (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Pardonek, Jim (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Frank Barton (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Austin Bollinger (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Radhakrishnan, Rashmi (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Chad Tracy (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Barton, Robert W. (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Valerie Vogel (Mar 29)
- Re: KnowBe4 Security & Awareness Training Feedback Jeff Holden (Mar 29)