How governments and cyber-militias attack civil society groups, and what they can do about it

A growing cottage industry is “security training” that focuses on increasing civil society’s awareness of surveillance and malware and on shifting security behavior.

What does this mean? Training grannies to not open email attachments? Who pays for that? The grannies themselves? Or are there entrepreneurs coming in to corporate offices and doing this training? I can’t imagine any medium-sized company would allow that. What’s going on?


At an infosec conference a few years ago, I met an industrial psychologist employed by a security firm. Her specialty was security education and training, and she gave a talk about conditioning, reinforcement, and behavior modification in the context of getting employees to follow security rules and not fall for social engineering. At the same conference, there was a consultant who gave a talk about social engineering and why your employees fall for it.

There are more of these folks, and employees getting training and re-training courses from those folks, so that’s the cottage industry.

That sounds like a really fun job - if you can convince the corporate overlords you’re legit.
