Finding the right cybersecurity webinars can feel like a full-time job. You need actionable advice, but so many sessions are too broad. The best cyber security webinar topics focus on people, not just tech. That's why finding a truly great cybersecurity culture webinar is so difficult. We've done the searching for you. This list features top-tier information security webinars packed with strategies for Security Awareness Program Owners. You'll get actionable steps for building a strong security culture and proving its value across your entire organization.
That’s why we want to feature a few program owner-specific conversations with advice from real program owners like you, aimed at improving your cybersecurity awareness initiatives.
Here are five must-watch webinars every Security Awareness Program Owner should check out:
Many organizations adopt a security awareness initiative to fulfill compliance requirements, but when employees feel forced to complete training merely to check a box, their minds and hearts aren’t in it. In order to get your teams truly interested in better protecting your company, you must change your organization’s entire culture around security. Sound like an undertaking? With the right help, it doesn’t have to be!
In this cybersecurity webinar, Living Security’s Kelley Bray and Stephanie Pratt talk about why the “mandatory” awareness training approach often doesn’t work. They’ll also discuss how to take the ambiguous compliance requirements and make sure you’re meeting all regulatory checkmarks in your security initiative.
Building a security culture that sticks requires more than just good intentions; it needs a blueprint. Strategic frameworks provide a structured approach, helping you move from abstract goals to a concrete action plan. Instead of guessing what might work, these models offer proven methods for understanding your organization's unique dynamics and managing the change process effectively. Using a framework helps ensure your efforts are targeted, aligned with your company’s values, and built on a solid foundation. This is a core tenet of Human Risk Management (HRM), as defined by Living Security, which starts with making risk visible and measurable before you can act on it.
Before you can change your culture, you have to understand it. The Competing Values Framework is an excellent tool for this, helping you diagnose your organization's dominant cultural style. It categorizes workplaces into four types: Clan (collaborative and people-oriented), Adhocracy (innovative and risk-taking), Market (results-driven and competitive), or Hierarchy (structured and process-focused). Knowing where your organization lands helps you tailor your security messaging and initiatives. For example, a Clan culture might respond best to team-based security challenges, while a Market culture may be motivated by metrics and leaderboards showing risk reduction.
Introducing new security behaviors is a significant change, and employees will react in different ways. The SATIR change model helps you anticipate and guide your teams through the emotional stages of this transition. The model outlines a path from initial resistance and chaos to a new status quo where secure practices become second nature. By understanding this emotional journey, you can provide the right support and communication at each stage, facilitating a smoother adoption of your security program and turning potential friction into positive momentum for lasting behavioral change.
To build an effective security culture, your teams need to understand the "why" behind the rules. Defining a set of clear, concise guiding principles for security establishes that purpose. These principles should act as a compass, reflecting your organization's core values and helping employees make smart security decisions independently. For instance, a principle like "We protect our customer's data as if it were our own" is more inspiring and memorable than a long list of policies. When everyone from the C-suite to the newest hire understands and embraces these principles, security becomes a shared responsibility and an integrated part of your company's identity.
You can’t fix everything at once, and you don’t have to. The Pareto Principle, or the 80/20 rule, suggests that roughly 80% of security incidents stem from 20% of the risks. Your goal is to identify and focus your resources on that critical 20%. The challenge, however, is accurately identifying where the greatest risks lie. This is where a data-driven approach becomes essential. Living Security, a leader in Human Risk Management (HRM), provides the leading Human Risk Management Platform that helps you apply this principle with precision. By analyzing signals across employee behavior, identity and access systems, and real-time threat intelligence, our platform pinpoints the specific individuals and access points that pose the highest risk, allowing you to direct your interventions where they will have the greatest impact.
For cybersecurity professionals, the rise in phishing attacks during the COVID-19 pandemic has not gone unnoticed. Social engineers have been preying on fear and panic, crafting clever stories to trick employees into granting them access to important private information. The good news is that awareness programs have been quickly pivoting to focus heavily on phishing, vishing, and all the “ishing” to let employees know what to expect.
The team at Living Security talks about some security problems that customer support teams face in particular, with an emphasis on different forms of phishing. We love this webinar; it’s so aligned with our brand messaging of making everything “human.” Listen as our best program owners tell stories of how to protect your grandma from credit card fraud and more.
In this webinar, experts from Living Security and Axonius discuss a fundamental question: Who truly owns security culture? The short answer is that everyone does. A strong security culture is not the sole responsibility of the security team; it is a collective effort that requires buy-in from every department and individual. However, achieving this collective ownership can feel like an uphill battle. To make it happen, you need a framework that makes risk visible, measurable, and understandable to the entire organization, moving security from an abstract concept to a tangible, shared responsibility.
Human Risk Management (HRM), as defined by Living Security, provides this holistic view. To effectively predict and prevent incidents, security leaders must analyze risk signals across the organization. This means moving beyond simple awareness training and looking at the complete picture of human activity. An effective HRM program is built on a data-driven foundation that correlates information across employee behavior, identity and access systems, and real-time threat intelligence. This approach allows you to identify your most at-risk individuals and roles, providing the actionable visibility needed to build a resilient security culture from the ground up.
While everyone plays a part, leadership engagement is the critical catalyst for a successful security culture. CISOs, Business Information Security Officers (BISOs), and other risk professionals are responsible for setting the strategy and securing the resources needed to manage human risk effectively. They need a clear, unified view of risk that cuts through the noise to make informed, strategic decisions. The Living Security Platform, the leading Human Risk Management Platform, is designed for these leaders, providing actionable visibility by correlating data across behavior, identity, and threat intelligence. This allows them to move from a reactive posture to a proactive one, identifying risk trajectories before they lead to an incident and guiding teams with targeted, evidence-based interventions.
Webinars are an excellent tool for professional development, but they also introduce a unique set of security challenges that many organizations overlook. The very features that make webinars interactive and engaging, such as live chat, Q&A sessions, and file sharing, can also serve as entry points for malicious actors. Cybercriminals specifically target webinars because they gather a specific group of people, often from the same industry or with similar roles, making them a prime audience for targeted social engineering and phishing attacks. This discussion, featuring experts from the SANS Institute and Living Security, breaks down these common pitfalls.
Understanding these risks is the first step toward mitigating them. It is not about eliminating webinars from your strategy but about hosting them securely. This involves careful planning, from the registration process to post-event communications. By treating your webinars with the same security diligence you apply to other digital assets, you can continue to leverage them as a powerful educational tool while protecting your organization and your attendees from potential threats. This proactive mindset is a core component of a mature security program and reflects a deep understanding of how human interaction can be exploited in any environment.
Cybercriminals are drawn to webinars for a simple reason: efficiency. These events bring together a captive audience with shared interests, creating a perfect environment for targeted attacks. According to research, the ease of access and information sharing makes webinars attractive targets for those looking to exploit data. A threat actor might join a webinar and use the public chat to share a malicious link disguised as a helpful resource, or they could pose as a fellow attendee to phish for credentials. The information shared by presenters and attendees can also be valuable for reconnaissance, helping attackers build a more detailed profile of an organization for a future, more sophisticated attack.
When you host a webinar, you become a custodian of your attendees' data, and protecting it is paramount. Start by scrutinizing your registration process. Only collect the information you absolutely need, and be transparent about how you will use it. During the event, establish clear rules of engagement for interactive features like chat and Q&A. Assign a moderator whose sole responsibility is to monitor these channels for inappropriate content or suspicious links. Disabling the ability for attendees to private message each other can also reduce the risk of targeted phishing attempts within the platform, ensuring a safer experience for everyone involved.
Many webinar platforms offer automated tools to help manage and secure events, but these systems have their limits. An automated filter might block a message containing a known malicious URL, but it will likely miss the nuance of a sophisticated social engineering attempt. For example, an attacker could ask a seemingly innocent question designed to trick a presenter into revealing sensitive information about the company’s internal processes or technology stack. Automated systems are not equipped to understand context or intent, which is why they often fail to detect these more subtle, human-centric threats that unfold in real time.
This is where human oversight becomes indispensable. As one study notes, it is important to have human experts watching webinars to detect suspicious activities that automated systems might miss, especially in live, synchronous events. A trained moderator can identify and intervene when a conversation veers into a risky area or when an attendee's behavior seems suspicious. This approach, which combines technology with human expertise, reflects the principle of "AI with human oversight." It ensures that you have a defense that is both scalable and intelligent, capable of catching the threats that algorithms alone cannot.
Many organizations are shocked to find they’ve been measuring their phishing campaign all wrong! This cybersecurity webinar poses the question, “Why is ‘did they click’ the only metric we care about tracking?” When you only concern yourself with clicks, it becomes easy to inaccurately measure your program’s success. Three-quarters of breaches are caused by something other than phishing, and not only does Living Security’s CSO Drew Rose reveal what they are, but he also talks about ways to integrate them into your program and track them.
As an added bonus, the end of the webinar digs into the importance of follow-up after a phishing campaign comes to a close, as well as some tips for shifting the culture of your phishing tests to one of trust and empowerment instead of fear.
Many organizations begin their security awareness journey simply to fulfill compliance requirements. This "check-the-box" approach often fails because when employees feel forced to complete training, the lessons don't stick. To effectively reduce risk, you need to move beyond compliance and build a genuine security culture. This means transforming security from a periodic, mandatory task into a set of ingrained, daily habits. It’s about making security a shared value that is seamlessly integrated into everyone's workflow, not just another rule to follow.
This cultural shift is the core of an effective security program. Human Risk Management (HRM) provides the framework to make it happen. Instead of generic training, an HRM program uses a data-driven foundation to make risk visible and actionable. Living Security, a leader in Human Risk Management, helps organizations achieve this by analyzing risk signals across employee behavior, identity and access systems, and real-time threat intelligence. This comprehensive view allows you to predict where incidents are most likely to occur and guide individuals with personalized interventions, helping them build secure habits that protect the entire organization.
As a program owner, you know how hard it can be to communicate your message. For starters, your security awareness topic often changes on a monthly basis. How do you cover a subject over 30 days and help the user gain real skills, without being repetitive or annoying? It’s also important to consider the channel, or where you’re relaying your message. Where are your employees most receptive to learning about security—via Slack or another messaging platform, email, etc.?
In this webinar, the Living Security team welcomes two program owners from different organizations to discuss their preferred communication channels, tactics for delivery, and—of course—how they measure the success of their awareness campaigns.
In this webinar, Kushboo Kashyap, Senior Manager of Security Governance and Risk Management at Ribrick, Inc., joined Jennifer Kinney, Community Engagement Manager at Living Security, to discuss effective strategies to plan and execute the best Cybersecurity Awareness Month possible. Kushboo has demonstrated success in creating dynamic and effective October programs. Topics will include:
To build a successful security awareness program, you first need to understand the landscape. The stakes are incredibly high, and the methods for educating your workforce are constantly evolving. Webinars remain a popular choice for disseminating information, but their effectiveness hinges on a clear understanding of the risks they are meant to address. By grounding your strategy in data, you can move from simply hosting events to driving real, measurable changes in behavior and reducing organizational risk.
The financial impact of security incidents is a powerful motivator for any security initiative. According to one review, cybercrime cost organizations an estimated $600 billion worldwide, a figure that underscores the urgent need for proactive defense. This isn't just a technical problem; it's a human one. Most breaches involve a human element, which is why a reactive, "detect and respond" approach is no longer sufficient. The most effective strategy is to predict and prevent incidents before they happen. By focusing on the human layer of security, organizations can get ahead of threats and avoid becoming another costly statistic. A data-driven approach to Human Risk Management (HRM) makes this possible.
Webinars have become a cornerstone of corporate education and marketing, with the market expected to generate around $800 million. Research shows that 75% of marketers believe webinars help generate quality leads, proving their power to capture attention and drive action. For security leaders, this presents a significant opportunity. A well-executed webinar can be an effective tool for training employees and shifting the security culture. However, effectiveness isn't guaranteed. The key is to deliver content that is not only engaging but also part of a larger, strategic program designed to produce tangible outcomes, rather than just checking a box for training completion.
Building a strong security culture is less about enforcing rules and more about inspiring change. It requires a strategic vision and a clear plan, a sentiment echoed by leaders across the industry. Experts have long advocated for moving beyond compliance-driven training to create an environment where secure behaviors become second nature. This involves understanding your organization's unique values, communication styles, and risk appetite. By learning from the pioneers who first championed the idea of a security culture, you can adopt proven frameworks to guide your own program and create a roadmap for lasting change.
Industry experts like Lance Spitzner from the SANS Institute emphasize the need for a formal strategy and roadmap. A webcast on the topic explains how to create a custom plan that fits your organization's specific needs and maturity level. This approach aligns perfectly with the principles of Human Risk Management (HRM), as defined by Living Security, which moves beyond generic, one-size-fits-all training. A truly effective program requires a deep understanding of your organization's unique risk profile. With a clear strategy, you can prioritize your efforts, measure what matters, and build a culture that is resilient by design, not by chance.
A modern security culture is an inclusive one. As organizations become more diverse, security programs must evolve to reflect the workforce they protect. This means looking beyond technical controls and considering the different ways people interact with technology and perceive risk. Broadening the scope of your program to include topics like diversity and gender-specific challenges isn't just a progressive idea; it's a strategic imperative. An inclusive approach strengthens your security posture by ensuring that your awareness and training efforts resonate with every single employee, making your human firewall that much stronger.
Building a strong security culture requires input from a wide range of perspectives. As noted by resource hubs like the Cybil Portal, there is a strong focus on making cybersecurity more inclusive to ensure diverse groups are both involved and protected. A homogenous team may share the same blind spots, but a diverse team brings different experiences and viewpoints that can help identify a wider array of potential threats and social engineering tactics. This diversity of thought is critical for developing a comprehensive security strategy that accounts for the many ways human risk can manifest across an enterprise. It ensures your program is not just compliant, but truly effective at protecting everyone.
Effective Human Risk Management requires a nuanced understanding of how different groups experience threats. For example, several webinars from organizations like UN Women and UNIDIR focus specifically on how cybersecurity affects women, including online harassment and gendered disinformation campaigns. Recognizing that threat actors often tailor their attacks to specific demographics is crucial for building a resilient defense. A security awareness program that acknowledges and addresses these gender-specific challenges is better equipped to provide targeted, relevant training that empowers all employees to recognize and report threats, strengthening the organization’s overall security posture.
To effectively manage a security awareness program, you need a single source of truth. Portals that offer a centralized collection of resources, including projects, tools, publications, and webinars, provide immense value. This organized approach prevents information from becoming scattered and ensures that employees always know where to turn for guidance. Living Security, a leader in Human Risk Management (HRM), applies a similar principle by unifying risk signals across behavior, identity, and threat data into a single platform. Just as a centralized data platform provides clarity on risk, a centralized resource hub like our Human Risk Management Toolkit provides clarity for your awareness efforts, making your program more efficient and impactful.
It’s wonderful to listen to other program owners and cybersecurity professionals share their awareness campaign secrets of success, but when time and resources become the problem, it’s hard to apply what you’ve learned.
That’s why our team at Living Security developed Campaign in a Box.
Receive new, helpful content to promote your awareness campaigns every month, without the legwork. Request more information about our resources for program owners today.
My organization treats security training as a compliance task. What's the first practical step to start changing the culture?
A great first step is to diagnose your current culture before trying to change it. Use a model like the Competing Values Framework, mentioned in the post, to determine if your company is more collaborative, competitive, or process-focused. Understanding this helps you tailor your security messaging to what already motivates your teams, making it feel less like a mandate and more like a shared objective.
The post mentions focusing on the 20% of risks that cause 80% of incidents. How can I identify that critical 20% without just guessing?
Identifying your top risks requires moving beyond guesswork and using data. A true Human Risk Management (HRM) approach involves looking at multiple sources of information. By correlating data from employee behavior, identity and access systems, and real-time threat intelligence, you can get a clear picture of which individuals or roles pose the most significant risk and focus your interventions there.
You recommend watching webinars, but also say they can be risky. How can I use webinars for training without exposing my team to new threats?
The key is to be a secure host, not to avoid webinars altogether. Treat your own webinars with the same diligence you apply to other digital assets. This means carefully managing registration, assigning a moderator to monitor the chat for suspicious links or questions, and disabling features that are not essential for the session. It is about combining the platform's tools with active human oversight to create a safe environment.
If tracking clicks isn't the right metric for phishing training, what should I be measuring instead?
Instead of only tracking clicks, focus on more meaningful outcomes that demonstrate learning. For example, you can measure the rate at which employees report suspicious emails. A high reporting rate, even if some employees also clicked, shows they are engaged and trying to do the right thing. This shifts the goal from "don't click" to "be a good partner to security," which is a much more powerful and positive metric.
I struggle to get employees to pay attention to security messages. What's a key strategy for making communication more effective?
The most effective communication meets people where they are. Instead of relying on a single channel like email, consider where your teams are most active and receptive, such as a company messaging platform. Also, try framing your messages around shared goals, like protecting customer data or ensuring business continuity, rather than just listing rules. This helps employees understand the "why" behind your requests.