SATF – Security Awareness Training Framework

At the AIDE conference last week I had the chance to catch Bill “@oncee” Gardner’s talk on new Security Awareness Training Framework (SATF). Well … at least new to me. Started in late 2011 by K.C. “@k0nsp1racy” Yerrid, it’s goal is to create a free and open source framework that security practitioners can use and evolve. The SATF is still very much in it’s early phases of development and looks to become a very promising project in the near future.

As with any framework it’s goal seems to be to represent the universe of possibilities of anything and everything security awareness training related. With this space defined, the SATF has many uses such as allowing security pros to more easily identify gaps in current training programs or assist customers in defining training programs specific to their needs.

From the SATF website, it’s three main objectives are:

  • Define the Components: Define the components necessary to deliver an effective security awareness program, including scenarios for specialized functions such as developer training and home user education
  • Understand How People Learn Information Security Awareness: Study and leverage the delivery mechanisms and various learning styles of individuals to maximize effectiveness of information security awareness
  • Develop Feedback Mechanisms & Standardized Reporting Metrics: Develop feedback mechanisms and establish candidate metrics to measure the effectiveness of security awareness programs at various levels of granularity

The SATF is also looking for help in taking it to the next level. You can participate by joining their Google Group, following them on Twitter, friending them on Facebook, and/or contacting them directly.

Here is the video by @oncee from AIDE with more information for anyone that’s interested.


Today’s post pic is from See ya!

8 comments for “SATF – Security Awareness Training Framework

  1. April 29, 2013 at 8:50 am

    SATF – Security Awareness Training Framework

  2. April 29, 2013 at 8:56 am

    Hi Grecs,

    To be clear my work is separate and apart from the broader work being done by SATF. As I’ve said before my talks are more like a TV mini series while SATF is more like a major motion picture. SATF seeks to address many more issues and audiences that just building a Security Awareness and Training program for you business. While SATF might at some point adopt some of my work into SATF, that has yet to be seen.


  3. April 29, 2013 at 9:06 am

    #NoVABloggers SATF – Security Awareness Training Framework

  4. April 29, 2013 at 10:05 am

    BLOGGED: SATF – Security Awareness Training Framework

  5. April 29, 2013 at 11:24 am

    #NOVABLOGGER: SATF – Security Awareness Training Framework

  6. April 29, 2013 at 2:29 pm

    Cool, thanks for the clarification.

  7. April 29, 2013 at 8:00 pm

    SATF – Security Awareness Training Framework – check out our post for more info

  8. April 30, 2013 at 10:01 am

    SATF – Security Awareness Training Framework – check out our post for more info

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.