The Security Awareness Symposium is a one-day, online event that is designed to provide security awareness training to employees within all departments of retail, hospitality, and travel organizations. The event celebrates the RH-ISAC’s commitment to Cybersecurity Awareness Month and provides both members and non-members an opportunity to provide education and training to their employees.


Non-RH-ISAC Members

Non-members may attend for a minimal fee, with discounted group pricing available.

Individual: $10 per ticket

Group Pricing:

  • 25 tickets = $225 (10% discount)
  • 50 tickets = $420 (15% discount)
  • 100 tickets = $800 (20% discount)
  • 150 tickets = $1,125 (25% discount)
  • 200 tickets = $1,400 (30% discount)
  • More than 200 tickets = Contact [email protected] for pricing

RH-ISAC Members

RH-ISAC members can register an unlimited number of their staff (including non-technical staff who are not credentialed in RH-ISAC’s platforms) for free as a benefit of membership!


The following topics will be covered during the day and employees can choose to attend one or multiple sessions.

Times listed are Eastern Time. 

This introduction will provide an overview of the day, housekeeping and administrative items, and brief remarks on security awareness from our title sponsor, Security Innovation.

Speakers during each 30-minute session will illustrate how remote working has expanded the attack surface and made organizations more vulnerable to attacks. Employees will understand the roles they play as front-line defense in this evolving landscape, including how to better handle company data and minimize their digital risk exposure.

Session 1: Data Protection is Everyone’s Responsibility

10:15 AM – 10:45 AM

Working remotely in the wake of the pandemic has made it more important than ever to safeguard critical applications and data, which has become an increased risk to organizations. In this session, Protiviti will help you you understand the governance and privacy fundamentals of enterprise-wide data protection strategies, as well as the role you play in knowing what type of data is most at risk and how to minimize exposure.

Session 2: The Relationship Between Stolen Credentials & Ransomware

10:45 AM – 11:15AM

A data breach from an account takeover (ATO) or ransomware attack can expose critical data and identity information on the surface, social, deep, and dark web. In this session, SpyCloud will breakdown the digital risk employees and executives face, the lifecycle of stolen credentials, and share some tips on what organizations can do to better defend against ransomware, including the everyday actions employees can take to keep both their work and personal accounts safe.

Phishing continues to be one the easiest paths threat actors use to infiltrate an organization’s networks. During each 30-minute session, employees will step inside the mind of a hacker and learn about the common attack methods used, the motivations behind them, and what actions to take when a phish bypasses the secure email gateway and lands in their inbox.

Session 1: Risky Behaviors in a Hybrid Workplace

11:30 AM – 12 PM

Do you know which employees are targeted the most by cybercriminals? What about the differences in online behavior between men and women? In this session, SecurityAdvisor will breakdown the riskiest employee behaviors that can lead to a data breach – from passwords and phishing to adware and private VPNs – and share tips on how to strengthen the human firewall before the holiday season.

Session 2: Understanding How Hackers Work

12 PM – 12:30 PM

Phishing continues to be one of the easiest paths for threat actors to infiltrate an organization’s networks. In this session, you’ll step inside the mind of a hacker and learn about the common attack methods they use as well as the motivation behind their attacks. Employees will better understand how to identify and avoid phishing attacks, and why they play an essential role in cybersecurity defense.

Security Innovation’s CMD+CTRL Shred Skateboards eCommerce Cyber Range Exercise is a 3.5-hour live hacking event of an online retail site that has 35 vulnerabilities of varying difficulties (novice to beginner) – from SQL injection, password cracking, exposing sensitive, denial of service, parameter tampering, and more! 

This exercise is designed for developers and technical staff supporting the software development lifecycle (SDLC). This is a fun and engaging way to think like a hacker, learn what vulnerabilities may exist on your eCommerce site, and shift security left to address them earlier. Participants can also qualify for CPE credits.

Watch this video to learn more about Security Innovation’s CMD+CTRL Cyber Range.

Get your team together and put those cybersecurity principles into practice! Hosted by Living Security, this track is ideal for non-technical personnel and teams that support key business functions (e.g., marketing, legal, HR, sales). 

Based on real-world scenarios, employees can experience life as both the target and the hacker and use the latest tactics, techniques, and procedures to understand the impact of their decisions in several gamified micro-learning modules. 

Check out the video to learn more about Living Security’s CyberEscape Online.

Each CyberEscape Online session is one-hour long, and sessions will be offered at 1 PM, 2 PM, and 3 PM ET to accommodate schedules and maximize participation. Once employees register, they will receive additional information on how to select their preferred time slot. If you would like to sign up as a team (up to 10 people) to participate in a private session, please email [email protected].


After an action-packed day focused on strengthening internal security operations, we’ll close our symposium with a powerful panel discussion that widens the lens to external partnerships. You’ll hear from retail and hospitality leaders on the growing risk that third-party technology and supply chain vendors can create for organizations. While they may be essential to the business, they introduce expanding threats that require us to rethink acceptable levels of trust and how to implement effective security controls.


• Ed Adams, CEO of Security Innovation (moderator)
• Kara Gunderson, Director of Payment Card Operations at CITGO Petroleum (panelist)
• Mark Carl, Chief Security Officer of PDI Software (panelist)
• Devon Bryan, Global Chief Information Security Officer, Carnival Cruise Line (panelist)


The Security Awareness Symposium is made possible by our sponsors.