About Ashok Kakani
Ashok Kakani is an experienced CISO and Information Security leader with over 28 years of expertise across the Technology, Insurance, and Banking sectors. He brings extensive experience in security architecture, strategy, and large-scale program execution. Throughout his career, Ashok has successfully led and delivered complex security initiatives, driving transformation and strengthening enterprise security posture. Recognized as a strategic leader, he is known for building robust security frameworks, enabling organizational growth, and developing high-performing teams aligned with business objectives.
Making Security Habits Stick through Accessibility
Ashok Kakani focuses on the logistical and structural changes needed to make security training effective in high-pressure corporate environments. The primary issue he identifies is the traditional 30-minute or one-hour training module, which is often irrelevant and burdensome to specific business units. The core of his address is advocacy for “micro-learning”—brief, one-to-two-minute videos tailored for different teams and delivered through platforms they already use daily, such as Slack. By moving security closer to the user’s workflow, organizations can build habits that stick without causing training fatigue.
Key Lines from the Speaker:
- “We don’t want to have like a 30 minutes or a one hour training program… it has to be a quick one or two minutes”.
- “Identify an ambassador in a team and work with them to build that right training program”.
- “You cannot just rely on training and awareness alone to solve any problem”.
Content: Contextual Incentives and Defense-in-Depth
Ashok Kakani (CISO Compunnel Inc) emphasizes that personalization is key to engagement. He recommends that training platforms integrate with HR data sources to deliver role-based or tag-based content, ensuring that employees only see what is relevant to their specific risks. He also suggests giving users a “choose-your-own-adventure” style option where they can pick from different training personas to increase interaction. To ensure employees concentrate on even short videos, Ashok proposes creative incentives, such as hiding “coupon codes” within training videos that users can submit for rewards.
However, Ashok is quick to point out that training is not a silver bullet. He advocates for a “layered defense” strategy where technical controls catch the human errors. This includes robust email security to prevent malicious links from reaching the inbox, sandboxing platforms to safely open links, and strict endpoint security. He also stresses the importance of controlling “exit gates” like proxies and firewalls, and ensuring that critical infrastructure is only accessed through privileged accounts with multi-factor authentication. This holistic approach ensures that awareness is a strong component of defense, but not the only one.