Truman’s Take: A Product Researcher’s Insights on Managed Learning

Welcome to “Truman’s Take,” where Product Marketing Manager James O’Leary sits down with Senior Product Researcher Truman Kain. As one of the leading minds behind our security training, Truman truly brings the brains and bold ideas to Huntress Managed Security Awareness Training (SAT). In this chat, the two discussed managed learning, the process of choosing each episode’s topic in relation to the threat landscape, and the upcoming episode for December.

But before we dive into the interview, let’s take a step back and examine what Managed SAT is and why we do it in the first place. Since our inception in 2015, Huntress has strived to create quality cybersecurity products that empower resource-strapped IT and security teams that other vendors often overlook. 

When it came to SAT, we quickly realized that an area that our partners and customers really struggled with was managing their programs. This usually resulted in high overhead, wasted resources, or neglect of their programs altogether. They simply didn’t have the time or security expertise to keep an SAT program running, let alone one that would go beyond merely satisfying their compliance requirements and improving their security posture. 

We repeatedly heard this challenge from our partners and customers, and so we decided to do something about it. After all, we have an entire team of cybersecurity researchers and practitioners whose expertise we can leverage to build an SAT program that reflects current threats. So with that, we developed Managed SAT, where the Huntress team takes over the creation, curation, and scheduling of your training programs (including episodes, phishing simulations, and Phishing Defense Coaching recovery training). All this means you can spend more time on other priorities, all while being confident your SAT program is taken care of. 

With that in mind, let's get into the interview with Truman, the man behind the management.

‍

James O’Leary: What does your role as a product researcher here at Huntress look like?

Truman Kain: As a product researcher at Huntress, my job is to take the expertise of our team and our knowledge of hacker tradecraft and make it accessible to our partners and users. As the lead researcher for our Security Awareness Training product, I keep a close eye on what's being seen in the wild from attackers, what's impacting our customers, and how we can train our learners to be vigilant against today’s threats. This training comes in the form of educational content, phishing simulations, and Phishing Defense Coaching.

‍

What’s your background as a threat/product researcher?

Prior to joining Huntress, I worked for several years as a social engineer conducting phishing, vishing, and physical penetration tests against the Fortune 500. I’ve developed and presented novel security tooling at DEFCON, GrrCON, SaintCon, and Devoxx. I’ve also led the development of a Phishing Simulation platform and conducted more traditional forms of penetration testing. I hold OSCP and CESE (formerly known as SEPP) certifications.

‍

When it comes to choosing episodes of Huntress SAT, what are the biggest considerations?

We like to think about what’s topical while also taking into account the episodes that a learner has recently watched as part of our Managed SAT offering. We want to ensure that all of the various cybersecurity themes are being hit on a regular basis, we aren’t fatiguing learners on a particular subject, and we’re providing a wide range of foundational security awareness training over time. 

‍

What makes those considerations so important?

If learners don’t complete their assignments, their security awareness suffers. It’s our job not only to make world-class educational content but also to schedule and assign it in a way that keeps people engaged and wanting to learn more, all without overwhelming the learner or diluting the security awareness information we provide.

‍

What sources of information do you rely on to help with your decision?

We follow the threat landscape and cutting-edge techniques seen in the wild, work with our Security Operations Center to find common denominators in attacks against Huntress endpoints, and analyze phishing emails reported to us by our learners. We then use these data points to decide which topic will be most beneficial for our learner base.

‍

What's the benefit of this approach?

By looking at all of these data points and finding commonalities between prevalent threats and the ones that our SOC is seeing affect our user base the most, we’re able to prescribe training content that’s not only relevant to what a learner is most likely to encounter but also what’s most likely to produce the desired security awareness outcomes that our partners and customers rely on to improve their security postures.  

‍

This month’s episode is about privacy. Why did you choose this topic?

Sometimes, we get into the weeds on a very specific attack vector, like Adversary-in-the-Middle. On the other hand, it’s also important to take a step back every once in a while and look at the bigger picture. Privacy is one of the core concerns that carry over into the lives of our learners outside of work, but it can be difficult to understand the implications of “giving away your data” when you’re at work. This episode helps break it all down.

‍

What are the learning objectives and desired outcomes/behaviors for this episode?

This episode goes into:

• Describing your rights for data privacy and security
• Summarizing the purpose of a privacy policy
• Demonstrating your role in protecting sensitive data
• Examining the various regulations relating to privacy

‍

How will this benefit the learners and their organizations?

Learners will gain a better understanding of the importance of protecting sensitive or personal data, whether it be that of external customers, coworkers, or their own.

‍

Want to see how an SAT program that’s tailored to today’s threats can benefit your organization? Start your free trial of Huntress SAT today!