Re: Lunch and learn

[Kenneth Voort <listbounce-01 () voort ca>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A few thoughts from my experiences with this...

The moment you put the words "security" or "computer" into the subject of the lunch n' learn
people's interest levels plummet. The most successful ones I've run have surreptitiously hidden
their true intentions by putting some sort of spin on it. For certain topics, you might find the
technical segment of your workforce showing up because of the cool factor, but attracting the
remainder is a bit more difficult, especially for the SMB market. Web security discussions and live
penetration demos attract the tech savvy but leave the rest utterly disinterested. Leave those for
lunches specifically intended for that audience.

Rather than a title like "Computer Security Basics", use a title like "Keeping Your Children Safe
Online", or rather than "Real-world Dangers of Identity Theft", use something like "Safe Online
Shopping for the Holiday Season". Of course, you'd need to tailor your talking and/or discussion
points to cater to the more creative subjects, but the core lessons remain the same; it's all about
spin doctoring it.

A few of the most successful lunch n' learns I've hosted include "Keeping Your Children Safe
Online"(I did a six month series on that one), "Online Shopping Tips for the Technologically
Challenged", and "Facebook Privacy Controls". Several times I've also covered current events; I did
a quite successful Melissa virus explanation back in the day. Doing current events connects the
subject to something real-world in most people's minds. The discussions and questions always allow
me to get the same point across that I would with a "Computer Security Basics" meeting, but with a
far more receptive and varied audience.

Don't count on an accurate attendance list. People rarely commit to lunch n' learns, many who don't
will show up, and many who do, won't. They're useful only as a way to guage interest. If you find a
sweet spot subject, see if you can turn it into a series of meetings. And always provide lunch.

If you're having trouble finding a way to twist the subject matter to appeal to people, see if your
HR or PR people (or even lawyers if you have them on staff) can help. Not only are they experts at
making the unappealing more appealing, they are also the target audience usually missed by these
things and can speak for a lot of people. If you can find a second person to host these with, give
that a try as well. I always find lunch n' learns more interactive with two presenters. I guess it
appears less like a soapbox lecture if you're not alone.

On 10-12-15 11:57 AM, Aaron wrote:
> I've been tossing this idea around for a while now and I want to reach out to this group for
> thoughts and suggestions. I know a lot of us work in the small/medium business arena but some are
> also in very large enterprises. Regardless of where we work or the size of the organization, I think
> as a group we continually are trying to educate users and each other about security (albeit not
> always successfully). Whether it's physical security of ones home, data security on a personal or
> work computer, or even social engineering security.
>
> My plan is this; at places I work or consult for, offer an opportunity to discuss security related
> concerns with the staff at a lunch once per month. Obviously lunch would be provided. I don't
> necessarily want this to be a "meeting" where I or someone else gets up and preaches for 30 or 45
> minutes but an actual discussion. Find out what questions and concerns people have not only about
> work-related items but in day-to-day things. Obviously this would necessitate the solicitation of
> ideas, concerns, and interests from those attending the meeting prior to the event.
>
> So to my point. Has anyone been to one of these sorts of things or put one on? If so, how did it go?
> Did it seem to be well received? Were people interested in it or did they look at it as YAM (Yet
> Another Meeting)?
>
> Thoughts, suggestions, criticisms, all welcome. If things work out the way I hope they will I'm
> considering putting together a site where a framework can be built for this sort of thing. Maybe
> have notes, how to plan, and how to run one of these Lunch & Learns.
>
> Thanks for your time!
>
> Aaron
> (subdriven)

- -- 
Kenneth Voort - kenneth {at} voort <SPAMGUARD> {dot} ca
FDF1 6265 EBAB C05C FD06 1AED 158E 14D6 37CD E87F | pgp encrypted email preferred
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAk0JDxAACgkQFY4U1jfN6H/CBQCcDkiO2t5Hg4y/eAa6wsNTsciw
OcgAoJReKsMUC7rDnAZdfWyKuTGEVw9k
=1LiL
-----END PGP SIGNATURE-----
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com