Technical Troubleshooting and Light Banter
Quick recap
The meeting began with casual greetings and technical discussions about screen-sharing issues before transitioning into conversations about the upcoming RSA Conference 2024 and organizing a Cloud Security Office Hours breakfast meeting. The group welcomed two new members and discussed cybersecurity awareness training content, with Stryker presenting a project to map training materials to MITRE TTPs and the team agreeing to focus on establishing business value metrics before pursuing complete coverage. The conversation ended with discussions about creating targeted video briefings for security awareness and plans for the group's upcoming 3-year anniversary celebration, while emphasizing the importance of making security training relevant and contextual for different user groups.
Technical Troubleshooting and Light Banter
The meeting began with casual greetings and small talk, including references to music and Friday greetings. Shawn and Stryker discussed technical issues related to screen-sharing and a LinkedIn thread, with Alex Cohen suggesting they wait for more participants. Stryker mentioned needing to grab a "hacker cloak" to stay warm, which led to a lighthearted discussion about hacker attire and the use of stock images. The conversation included some humorous remarks about mushrooms and basements and ended with Shawn encouraging Alex Cohen to join a call.
RSA Conference 2024 Planning Discussion
The group discussed their upcoming attendance at RSA Conference 2024, with Stryker expressing excitement about vending and meeting colleagues. They agreed to organize a Cloud Security Office Hours (CSOH) breakfast meeting at 8 AM, with Jay noting it would be an hour and a half drive for him. The conversation shifted to conference experiences, with Neil and Shawn sharing insights about vendor booths and networking opportunities. Two new members introduced themselves: Tomiwa, a cybersecurity engineer from the UK focusing on cloud security, and Nithin, a recent graduate interested in cloud security who found the group through Reddit. Stryker then presented an idea for a slide deck about cybersecurity awareness training content, seeking advice on when to stop creating new materials and when to refresh existing content.
Cybersecurity Training Coverage Strategy
Stryker presented a project to organize cybersecurity awareness training content by mapping it to MITRE TTPs (tactics, techniques, and procedures) for internal use. The discussion revealed that while the original goal was to define "complete" training coverage, the team agreed this approach might be backwards, suggesting instead to first establish business value metrics and acceptable coverage levels before attempting to achieve 100% completion. Jay and James emphasized the importance of understanding the target audience's needs rather than focusing solely on technical cybersecurity concepts. The project's scope evolved from serving production staff to supporting both internal stakeholders and GRC professionals, with the ultimate goal of demonstrating training completeness to prospects while maintaining practical value for different user groups.
Security Video Briefings Initiative
Stryker discussed a project focused on creating targeted, short-form video briefings to address security gaps and improve employee awareness. The team explored how these briefings could be used to nudge employees into adopting better security practices, such as updating operating systems or enabling multi-factor authentication. They emphasized the importance of making security training relevant and contextual, rather than relying on one-off, lengthy sessions. The discussion also touched on the need for automation in managing sensitive information and the potential for these briefings to prompt employees to review and clean up their security practices.
Security Training and Human Behavior
The meeting began with a discussion about security awareness training, where Don expressed interest in gamification and psychology-based approaches to make training more engaging. Stryker shared that their startup, founded by cybersecurity experts, applies behavioral psychology to security training. The conversation then shifted to Tyler's story about accidentally discovering a trove of passwords through IRC at a young age, highlighting the role human laziness plays in security vulnerabilities. The conversation ended with discussions about phishing attacks and the need to educate users about cybersecurity practices, as well as plans for the group's upcoming 3-year anniversary celebration.