Speaker

Erich Kron

Speaker, Podcast Host, Author and Social Engineering Expert

Tampa, Florida, United States

Erich Kron, Security Awareness Advocate at KnowBe4, author, podcast host, and regular contributor to cybersecurity industry publications with over 750 published news comments, is a veteran information security professional with over 30 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army's 2nd Regional Cyber Center and holds CISSP, CISSP-ISSAP, SACP and many other certifications. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in Information Security.

Area of Expertise

  • Information & Communications Technology

Topics

  • cyber security
  • AI and Cybersecurity
  • cybersecurity awareness
  • Cyberthreats
  • Cybersecurity Governance and Risk Management
  • cybercrime
  • Emerging Cybersecurity Topics
  • Cybersecurity Strategy
  • Cybersecurity Compliance and Auditing
  • Active Cyber Defence
  • Cyber Security basics

Pay Up or Power Down: Inside the Ransomware Business Model

Still think ransomware is just some hoodie-wearing hacker in their mom’s basement? Yeah, no, think again. Today’s ransomware isn’t a lone wolf, it’s a billion-dollar industry with better customer service than most cable companies (not really hard to do TBH), slick affiliate programs, and an “employee of the month” (probably). Welcome to the dark side of capitalism, where your data is the commodity, and the house always wins—unless you learn how to play their game.

Forget the clickbait headlines and the tired “update your backups” advice. In this session, we’ll pull back the curtain on the real business of ransomware, from the economics that drive these digital stickups to the negotiation playbooks that would make a hostage negotiator sweat. You’ll learn why ransomware gangs are basically running Fortune 500 companies (with way fewer HR policies), how victim organizations are forced to weigh ethics against survival, and the subtle ways defenders can use their business model against them.

Through jaw-dropping case studies and a dash of cybercrime economics, you’ll discover how to spot their latest tactics, where their business is booming, and where defenders are finally turning the tables. Bring your curiosity, and maybe a stress ball.

In this session, you’ll learn:
• How ransomware gangs have evolved from script kiddies to boardroom sharks
• The ins and outs of ransomware “customer service,” negotiation tactics, and affiliate programs
• Why some organizations pay while others dig in their heels

From Prompts to Purpose: Navigating Cybersecurity in the Age of Agentic AI

As artificial intelligence rapidly evolves, a powerful new category has emerged and it is called agentic AI. Unlike traditional generative models such as ChatGPT, agentic AI proactively takes action, autonomously planning, executing, and adapting to achieve specific goals. This evolution represents both extraordinary opportunities and significant cybersecurity threats.

This session explores how agentic AI differs fundamentally from large language models (LLMs), examines real-world examples, and discusses the dual-sided implications for cybersecurity, including new attack surfaces and enhanced defense strategies. Attendees will gain actionable insights into navigating these transformative technologies safely, understanding the importance of robust controls, continuous monitoring, and careful delegation of autonomous tasks.

In the session you will learn:
• What is agentic AI and how does it differ from Gen AI
• Some examples of existing agentic AI
• Concerns about agentic AI within our organizations

Catfished by Chameleons: Why Phishing Isn’t Ugly Anymore

Phishing used to be as easy to spot as a cat in a dog park: misspelled names, weird email addresses, and “urgent” requests from long-lost Nigerian princes. Those were the good ol’ days. Now? The game has changed. Meet polymorphic phishing, the slick, ever-evolving cousin of traditional phishing that can shapeshift faster than your SIEM can blink.

This isn’t just phishing 2.0. This is phishing that’s gone to the gym, changed its hair, and started wearing a disguise. It’s changed more than you have since your high school yearbook picture 20 years ago, and it’s a serious threat to even well-defended networks. Let’s dig into what makes this chameleon of cybercrime so dangerous and what we can do about it.

When no two emails look the same, even within the same campaign, and payloads are cloaked better than a Romulan warbird, how does that change our defense? We will discuss the usual suspects in the social engineering world and compare their tactics to their new Botox-equipped cousins.

In this session we will discuss:
• Phishing tactics and emotional triggers
• The issues polymorphic phishing adds
• Ways to counter the new and improved attacks

The Psychology of Security: Unlocking Lasting Change with Behavioral Science

The security awareness train has left the station, but people are still clicking on phishing emails. It's time to rethink our approach. Join us for a deep dive into the fascinating world of behavioral science, where we'll explore the secret sauce for lasting change. From subtle nudges to gamified security habits, we'll examine real-world examples and research-backed tactics to help you design security programs that actually work.

We'll delve into the psychology of social engineering, exploring why humans are so vulnerable to manipulation and how to design programs that actually change behavior. We'll also discuss the importance of human risk management, including how to identify and mitigate the human factors that contribute to security breaches.

Through a combination of interactive examples, case studies, and actionable takeaways, you'll learn how to:

- Design security programs that actually change behavior
- Use behavioral science to influence human decision-making
- Implement a human risk management program to mitigate security risks
- Leverage gamification and nudges to drive security habits
- Create a culture of security that's not just awareness, but action

Take away the insights and tools you need to drive lasting change in your organization and make security a habit, not a chore. Whether you're a security leader, awareness program manager, or simply someone who wants to make a difference, this session is for you.

Click Happens: Why Human Risk is Your Biggest Cybersecurity Threat (and Opportunity)

Let’s face it: if securing your organization was as easy as slapping a “Don’t Click That” poster on the breakroom fridge, we’d all be out of a job and phishing emails would have gone extinct with dial-up modems, but here we are, watching yet another “urgent invoice” slip past the filters and straight into someone’s inbox because, shocker, humans are still humans.

The hard truth? No matter how much we talk about zero trust and AI-powered defenses, it’s the person who clicks first and asks questions later that keeps us all up at night. The good news? Those same unpredictable humans are also your best untapped asset, if we work to nudge them in the right direction.

This fast-paced, no-holds-barred session will drag human risk management out of the compliance basement and into the spotlight where it belongs. We’ll rip apart the tired “mandatory training” rituals and look at what actually works to change behaviors (hint: it’s not more PowerPoints). Armed with the latest research, some real-world examples, and a few embarrassing stories, we’ll show you how organizations are using psychology, friendly competition, and a dash of data science to finally move the needle.

Whether you’re a CISO, HR leader, or just someone who cringes every time you see “Password123!” on a sticky note, you’ll walk away ready to champion human-centric security that actually works.

In this session, you’ll learn:
• Why most security awareness training fails (and how to fix it without putting everyone to sleep)
• The real reasons your people keep clicking—and how to spot (and measure) risky behavior before it becomes a headline
• How to harness behavioral science, data, and a bit of game theory to make security stick
• Practical, actionable strategies to turn your weakest link into your strongest defense—no “motivational” posters required
