30th November 2022
18th August 2022
Special guest interviews
With Birgit Schneider
There are several providers in the market who train employees in IT security. We invited one of them to our advice studio today: Dr. Thomas Schlienger, security awareness pioneer and founder of TreeSolution Consulting GmbH.
He tells us exactly what his company does, how it differs from other providers and why he and his company are the experts when it comes to the long-term training of employees in matters of security.
Dr. Schlienger, we are delighted to have you as our guest today!
Thomas Schlienger: My name is Thomas Schlienger. I am the founder and owner of TreeSolution Consulting GmbH, the expert for holistic security awareness solutions.
I have been working with this topic since 2001, first in research and since 2005 also with my company. At the time, I was one of the first to deal with this issue.
Today I support security officers of companies in raising awareness and training their employees and in anchoring secure behavior in their corporate culture.
I had already been very enthusiastic about information security during my business informatics studies. After successfully completing my degree and briefly working in business, I was drawn back to university to write a doctoral thesis.
As I did my research, I quickly realized that the human factor would become critical for information security. As a result, I focused my research efforts on the question of how secure behavior can be successfully anchored in corporate culture and measured.
At that time, I was one of the first researchers in the world to work in this domain.
I find the interface between people and technology incredibly fascinating. Even if most companies have similar problems, every company ticks differently.
If we really want to be successful, it's not enough to do simple training. We have to deal with the peculiarities of the company, understand the culture, and adapt it where necessary.
Successful security awareness is actually a change management process. Understanding this system of security culture and shaping it together with the customer is just great.
In order to influence human behavior and make it more secure, not only must the knowledge or motivation of employees be positively changed, but we must also look at the entire “security culture system” in which people work.
This includes questions such as the internal processes and structures, how we deal with problems, how we learn, and what the management behavior is like. Very few providers understand these complex relationships.
With the Security Awareness Radar® - our solution for measuring and promoting information security culture - we are setting completely new standards in this area and are still the only company in this revolutionary field.
And we are not only very strong in analysis, but also when it comes to influencing behavior. As a specialist for security awareness, we can not only offer specific solutions, but an all-round approach with lasting success.
The press is currently full of stories about hacker attacks. Most of these attacks only succeeded because they were able to trick an employee.
However, pointing a finger at the employees here and practicing “fear mongering” is counterproductive.
Instead, we should enable employees to recognize dangers and increase their confidence that they can react correctly.
Yet many companies do not realize that this is a lengthy process. Carrying out a small campaign once every 1-2 years is not nearly enough.
Only companies that take the issue seriously, plan for the long term, and implement measures regularly will be successful.
One day we received an order from the management of a company that wanted to make their employees aware of IT risks and train them.
However, before we started implementing these measures, we first analyzed the security culture. We found that although the employees had clear knowledge gaps, they were highly motivated to change this.
Management, on the other hand, had even bigger knowledge gaps but saw no point in changing anything about themselves.
This is particularly strange when you consider that management is the preferred target of attack. But they weren't aware of that.
Therefore, we first had to sensitize and train the management.
Customers often simply lack the necessary time, but also the necessary knowledge, to properly deal with security awareness.
As a result, measures are usually only implemented selectively when the pressure is greatest.
However, these measures do not follow a long-term plan and do not contain any goals for changing behavior. I always find it's a shame when I see something like this.
We have therefore developed an all-round carefree package: the Security Awareness Club.
It's a service where you don't have to worry about what you might need for years to come - it's all included. Membership includes measurements with the Security Awareness Radar®, all our training modules, and other awareness material.
This makes it easy to plan and implement measures over several years. Through continuous activities, successes are real and information security is strengthened from the ground up and for a long time.
In the last 15 years we have worked with hundreds of projects and companies in improving security culture and security awareness.
We have already trained over half a million users with our e-learning courses. We are proud of this achievement and of course also that we receive consistently positive feedback from our customers.
But before even getting that far, a lot of persuasion may be needed.
We’re working for example in a project with a German company where, thanks to our measurements, we were able to show that things could no longer go on in the same way. The security officer thus got the necessary arguments to convince the management, finally, to implement a sensible and effective awareness strategy.
Of course, something like this is always a great success for us, the person we’re working with, and of course also for the company, which we make more secure.
On our website www.treesolution.com you’ll find the contact menu with various contact options at the top right.
You can fill out the contact form, write an e-mail, or make an appointment for a consultation.
Want to do it right away? Make an appointment for a free consultation here.