Terranova Talks With Subject Matter Expert Theo Zafirakos About Effectively Analyzing & Planning Stimulating Information Security Awareness Campaigns.

Terranova is preparing to launch its new course, Raising Security Awareness Effectively, in the coming weeks.

“The key to success is to lay the foundation by understanding the business, its strategies and risks, establishing the scope of your program, and selecting a strong team,” says Zafirakos.

He has worked in the field of cyber security for the past 20 years. Notably, he has performed the role of CISO during the last 7 years. Today, as Terranova’s CISO, Zafirakos oversees the creation and development of Information Security Awareness programs and training. He provides thorough insight as a subject matter expert and helps conceptualize cyber security material for pedagogical use.

Terranova’s new course is specifically tailored for CISOs. The course content and structure are essentially based on Terranova’s 5‑Step Framework, which assists clients in mapping out an entire security awareness program. The course assists cyber security experts in analyzing, planning, deploying, measuring, and optimizing security awareness campaigns.

“The purpose is to give information security managers a toolkit and knowledge to effectively implement and manage programs that demonstrate value and success,” explains Zafirakos.

Analyzing and planning are key concepts in the course as they bring added value to information security programs and campaigns. Zafirakos emphasizes that a solid awareness program starts with careful preparation. This stage is vital for organizations because it allows them to know their target audience and ultimately determines the way cyber security programs and awareness campaigns will be deployed.

“You must know your organization to know where to focus and start. Perceptions of current state and reality often differ. One must build a program based on needs, not based on budget or products. Not performing these steps may result in wasted resources or misalignment with risk areas,” he says.

Why Analyze? Why Plan?

Raising awareness for information security implies mapping out the socioeconomic and cultural contexts in which the organization is embedded. It means understanding the key players that form the cyber security program, its architecture and implementation. It also entails working with various departments – notably, marketing and communications, IT, program managers, and human resources – to create effective communication strategies and get people motivated about an upcoming campaign, according to Zafirakos.

It also means carefully analyzing existing skills and knowledge about information security. CISOs use Terranova’s Phishing Simulation Platform to test users’ detection skills and know what type of campaign would best suit target audiences. Raising awareness for information security is about your target audience at a given place and time, and getting them excited about learning best practices. That is why we need to carefully analyze and plan before we launch any awareness campaign.

CISOs orchestrate the entire program architecture for information security awareness. Within the frame of the program, they ensure the successful deployment of several campaigns, each targeting a specific group of end users. Each campaign will require its very own analysis and planning stages, as well as its own deployment strategies. Like the maestro in a symphony orchestra, CISOs are responsible for the overall sound of a security awareness program and its campaigns.

“A CISO’s role is not about technology, but about protecting and ensuring the warranty of information and business services. Confidentiality, Integrity, Availability, and Ability to Audit. Technology is just one of the means to do it. Awareness is another,” summarizes Zafirakos.

Raising awareness for information security goes beyond technology. It involves the ever-changing landscape of cyber security, with all its risks and threats, and successfully equipping users to better handle sensitive information as well as detect and report instances of cyber threats and vulnerabilities.


Whether you’re responsible for protecting your business or your loved ones, security awareness training can reduce the risk of a cyber attack.

You can learn more about setting up a security awareness program and educate your staff and loved ones on cyber security best practices. Download this infographic about the Security Awareness 5 Steps Framework.