<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security-Awareness on Rishipal Yadav · not your CISO</title><link>https://rishipalyadav.github.io/tags/security-awareness/</link><description>Recent content in Security-Awareness on Rishipal Yadav · not your CISO</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>© 2026 Rishipal Yadav</copyright><lastBuildDate>Sat, 27 Apr 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://rishipalyadav.github.io/tags/security-awareness/index.xml" rel="self" type="application/rss+xml"/><item><title>Security Awareness Training: A Design Thinking Project</title><link>https://rishipalyadav.github.io/posts/security-awareness-design-thinking/</link><pubDate>Sat, 27 Apr 2024 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/security-awareness-design-thinking/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/security-awareness-training-a-design-thinking-project-c06686163480" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;During the last semester (Spring 2024) of my Master of Engineering in Cybersecurity at the University of Maryland, College Park, I joined the Innovation Fellowship cohort at the Academy for Innovation and Entrepreneurship. The project: apply design thinking to security awareness training.&lt;/p&gt;
&lt;p&gt;Security awareness training has a reputation problem. Compliance teams love it. Employees hate it. And the data on whether it actually changes behaviour is, at best, mixed. The question I started with was: what would security awareness training look like if you designed it the way a product designer would — starting with the user, not the policy?&lt;/p&gt;</description></item><item><title>Educate Your Team — Do Not Chase When It Comes to Security</title><link>https://rishipalyadav.github.io/posts/educate-your-team-dont-chase/</link><pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/educate-your-team-dont-chase/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/educate-your-team-do-not-chase-when-it-comes-to-security-b39925df078a" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;&lt;em&gt;&amp;ldquo;Hey, could you please complete the security training, it was due two days ago?&amp;rdquo;&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;If that message sounds familiar — either as the person sending it or the one ignoring it — your security awareness program has a problem. And the problem isn&amp;rsquo;t that people are lazy or don&amp;rsquo;t care about security. The problem is that you&amp;rsquo;ve built a compliance exercise and called it a culture.&lt;/p&gt;</description></item><item><title>Back to Office: But What About Security?</title><link>https://rishipalyadav.github.io/posts/back-to-office-security/</link><pubDate>Thu, 28 Jul 2022 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/back-to-office-security/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://medium.com/@notyourciso/back-to-office-but-what-about-security-9971b00fa0ba" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;Things are back to normal, and everyone is returning to their offices. Some are ecstatic about free food, coffee, and office gossip. Others are dragging their feet. And most security teams are somewhere in between — quietly aware that two years of remote-first work has created some habits that don&amp;rsquo;t translate well to shared physical spaces.&lt;/p&gt;</description></item></channel></rss>