Lance Spitzner: Making security simple – FISSEA NIST Conference


Lance Spitzner: “We’re nothing more than another operating system. The HumanOS.”

Day two of the 31st Annual FISSEA conference at NIST kicked off with a keynote presentation from Lance Spitzner, Director of Security Awareness at SANS.

His keynote was titled: Making Security Simple – It’s Really, Really Hard.

Lance was fired up on stage, which in turn got me fired up.

I was especially encouraged to hear that when it comes to enhancing security, Lance strongly recommends a focus on making the new behavior as simple as possible. In the case of Paubox and our approach to seamless encryption and HIPAA compliant email, there is no new behavior for senders to learn.

Here are my takeaways and pics from his energetic presentation:

  • Lance outlined his 3-step process for making Cybersecurity Simple.
  • Changing human behavior is key to managing risk.
  • Lance Spitzner founded the “Honeynet Project” in 1999.
  • The best security awareness officers often do not have technical backgrounds.
  • “Once people interact with technology, then the game radically shifts.”
  • In general, people are smart.
  • Defense organizations tend to have the strongest security programs. At the other end of the spectrum are manufacturing firms.
  • You can download his presentation here


Lance Spitzner’s Three Steps to Making Cybersecurity Simple:

  1. Teach as little as possible (be wary of cognitive overload).
  2. Make the new behavior as simple as possible.
  3. It has to be “Sue” proof (Can a non-technical person understand it?).

20 years ago, it was easy to hack default Windows OS installs.


The BJ Fogg Behavior Model – Curse of Knowledge: The more of an expert you are at something, the worse you are at communicating it


“Every behavior has a cost.” Lance used the disabling of auto-complete within Outlook at the world’s largest bank as an example.


Lance spent a good chunk of time (rightly so) on NIST Special Publication 800-63B


Lance reported only 10% of Google Workspace users are using 2FA (two-factor authentication)


Infographics are great for communicating information


Lance’s 3 Takeaways for Making Security Simple (Hint: It’s Really, Really Hard)

Also, thanks for fielding my question, Lance!


About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.
