• The disturbing trend of cutbacks leading to greater risks.
• The need to do initial organizational assessments before applying security controls
• Security inadequacies stemming from a "compliance" mentality
• How technology-oriented business drivers are leaving security and privacy considerations behind
• Why off the shelf products require increased focus on security awareness
• Economic influences on employee likelihood of becoming insider threats
• What types of cutbacks are organizations making that are potentially dangerous?
• Rationalizing security as a "foundation" investment instead of an unnecessary expense
• Compliance with regulations is not sufficient for most businesses
• How are the most regulated industries doing with security and privacy?
• How awareness affects quality and mistakes
• How management's skepticism about training becomes a self-fulfilling prophecy if they skimp on quality
• How training quality can be improved
• How much can you expect people to remember from a single class?
• How to make training content stick over time
• Why measurement of student retention is important in getting good results
• How the Honey Stick Project relates to measuring security awareness
• Rebecca's "Protecting Information" newsletter's metrics tips
• The impact of being able to show metrics
• What about the new US government's position on information security and privacy going forward?
• Should Obama be able to keep his Blackberry?
• Electronic Health Records (EHR) and Medical identity theft
• Rebecca's eye-opening experience, and the importance of "knowing your audience's motivations and objectives" when talking about security
• Why executives aren't hearing IT people's messages about security
• Innovative approaches to security training that have provided good results for Rebecca

If you listen to it, please let me know what you think! I always welcome feedback.