Security Awareness Culture Change, Part 2 – Kelley Bray, Stephanie Pratt – SCW #69

We continue the discussion about the importance of effective security awareness programs and what that would actually look like. We’ll also examine how to move beyond “bare minimum” check-box mentality about meeting security awareness training requirements and imagine building a culture of security aware employees in the organization. Visit for all the latest episodes!

Full Episode Show Notes

Security Awareness Culture Change, Part 2


Kelley Bray

Kelley Bray – Director, Client Success & Sr. Security Awareness Strategist at Living Security

For the better part of 10 years, Kelley has built training and awareness programs for the Federal Government, DoD and private sector. After delivering online and in-person training to hundreds of thousands of users worldwide, Kelley has tried all the tools and techniques, learned from valuable mistakes, and had a lot of fun celebrating security program success along the way. Her passion for this topic is fueled in equal parts by the rapidly changing risks that all users must combat, and the amount of technology that her 3 children have access to.

Kelley holds a Bachelor’s Degree from George Mason University and currently serves on the Board of Directors for the National Cybercrime Support Center. In her free time, she enjoys reading, gardening and spending time with her family.

Stephanie Pratt

Stephanie Pratt – Head of Content at Living Security


Stephanie Pratt is the Senior Security Awareness Content Manager at Living Security. She developed a passion for cybersecurity at Blackbaud where she created the company’s first-ever security awareness program. Her program included a champions program, phishing simulation, a monthly speaker series, and a robust cybersecurity awareness month. She earned her SANS Security Awareness Practitioner, SSAP, certification in July 2019. Before joining Blackbaud, Stephanie worked for more than a decade in broadcast journalism as a TV reporter in Oregon, South Carolina, New Hampshire, and New York. She holds a B.S. from Emerson College.


Jeff Man

Jeff Man – Sr. InfoSec Consultant at Online Business Systems


Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Josh Marpet

Josh Marpet – COO at Red Lion


COO of Red Lion
IANS Faculty
Blockchain Patent Holder
MISTI Instructor
Entrepreneurship Curmudgeon
Board Member BSidesDE
Board Member BSidesDC
Ex-cop and Fireman

Priya Chaudhry

Priya Chaudhry – Jedi Warrior Princess at ChaudhryLaw PLLC


Criminal Defense Trial Lawyer

Scott Lyons

Scott Lyons – CEO at Red Lion


CEO at Red Lion


  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Our next live webcast will be on April 29th at 11am ET where you will learn how to prepare for & prevent modern ransomware attacks! Our next technical training will be on May 6th at 11am ET. This technical training webcast will explore common misconfigurations of NGINX, the damage they could do, and how to avoid them. Visit to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at