Focusing on Personal Security to Strengthen Security Culture During National Cyber Security Awareness Month

As the security landscape grows increasingly complex and challenging, we as security leaders must do our part to evolve our security practices and educate our teams to help maintain a strong security posture. While Adobe works to address these needs on an ongoing basis, during National Cyber Security Awareness Month (NCSAM) – celebrated in October – we have a special opportunity to shine a spotlight on these efforts and engage our engineering community and larger employee base on cybersecurity.

NCSAM was launched by industry and government groups as a broad effort to help Americans stay safer and more secure online. With this mission in mind, Adobe has historically and successfully engaged our engineering community by involving them in security awareness month. This year Adobe will continue to engage our engineering community but will also incorporate the broader base of employees in security awareness through additional focused events and activities.

Adobe is hosting events for employees throughout the month of October where speakers – internal experts from Adobe and as well as industry guests – will give presentations focused on security best practices that are relevant in many aspects of a person’s life, whether at work, home or traveling. These include:

• Passwords Best Practices: The Enterprise Security team at Adobe will be hosting a session that discusses the importance of password hygiene and provides best practices in creating strong passwords.
• Prevention, Protection and Resolution of Identity Theft: Employees will have a chance to learn more about their identity theft benefit, including tips on how to best protect themselves.
• Home Wi-Fi and How to Secure It: This event will feature Adobe’s security architect, Jason Joy, providing tips on the basics of home wi-fi, including how to set-up home routers securely.
• How does Adobe work to discover potential vulnerabilities internally at Adobe? Adobe’s Penetration Testing team will share how and why Adobe works proactively to identify potential gaps internally and how that helps improve overall security.
• FBI Special Agent – People and Cyber Attacks: An FBI agent will be talking exclusively to Adobe employees about recent cyber security threats, examples of high-profile cyber criminals and how to best protect against these types of risks.

In addition to the general events, Adobe will also invite employees to participate in additional technical security activities such as:

• Annual Internal Bug Bounty: This activity has long been a pivotal part of the Adobe security program and allows employees to demonstrate creative and diverse thinking when identifying potential bugs to help protect Adobe and our users.
• Container Basics and Security Best Practices: This training hosted by the security engineering team will provide best practices on container security.
• Exploitation Workshop: Attendees will gain an overview of compromise and lateral movement techniques through hands-on exercises where Adobe puts itself in the shoes of an attacker.
• Capture the Flag: Employees will learn about various attack methods to better understand how Adobe works to protect against them. Each week there will be new challenges with rising difficulty and increasingly higher value prizes.

The cybersecurity fun will be hosted in several of our major offices – including San Jose, San Francisco, Lehi and Seattle, Hamburg and Noida to get the larger community involved. The events and activities will also be available to view or access remotely.

As part of our overarching goal to engage employees in security awareness, Adobe will also be launching a series of security awareness videos that can help demonstrate best practices in a clear, entertaining and easy-to-understand format. Beginning in October, the videos will be released to the internal Adobe community, with another video following every other month to help build momentum around the videos. The videos are meant to naturally teach security principles.

Adobe works to provide resources that can help not only the engineers building our products, but also the employees who might be facing these threats at home or in the office. At Adobe, we believe that empowering employees to adopt and understand the value of security best practices in their personal and professional lives leads to an enhanced security culture – building a more secure environment and creating knowledgeable security advocates across our organization.