Drs. Sukamol Srikwan and Markus Jakobsson developed SecurityCartoon.com in 2006 as an approach to improve security awareness and understanding among typical Internet users. The material is supported by their insights into computer security, deceit psychology and learning. The approach has been documented in a recent scientific journal ("Using Cartoons to Teach Internet Security", Cryptologia, vol. 32, no. 2, 2008) and in a book chapter (chapter 13 of Crimeware, Symantec Press, 2008).
In 2007, Srikwan and Jakobsson founded Extricatus, LLC, a Mountain View, CA company. Extricatus' charter is to improve security messaging and reduce security vulnerabilities due to social engineering and human error, two of the leading causes to security breaches. Among their clients are five Fortune-500 companies, and several European and Latin American companies concerned with the rising tides of online fraud.
Sukamol Srikwan has unusual insights into how typical computer users relate to threats. She also possesses illustration skills and a passion for public education. She has a PhD from University of California at San Diego. She is currently a visiting researcher at Palo Alto Research Center and an Adjunct Assistant Professor of Informatics at Indiana University. She has worked at the two most prominent Thai universities, Chulalongkorn University and Mahidol University, and has served in an advisory position to various Thai scientific agencies.
Markus Jakobsson has a background in applied computer security, and a life-long interest in fraud and countermeasures. He is currently Principal Scientist at Palo Alto Research Center, and CTO of RavenWhite Inc. Prior to his current position, he was Associate Professor at Indiana University, Principal Research Scientist at RSA Laboratories, Member of Technical Staff at Bell Laboratories, and Adjunct Associate Professor at New York University. He holds a PhD from University of California at San Diego.
Some people believe that security education is pointless, and that technology alone can address security problems. They point to previous failures to communicate important advice, and argue education is like nailing jelly to the wall. Others, mostly people who read source code, underestimate the difficulties normal Internet users have in making meaningful security decisions, and think that it is just a matter of paying attention. We disagree with both. Security education is important and possible. But it is not easy. To hear more about our beliefs, listen to Bill and Bob's recent Security Hype Podcast (http://www.securityhype.com/blog/archives/32).
We are grateful for the overwhelmingly positive feedback we are receiving from people who think we are addressing an important problem in a meaningful way. We hear from individuals, from representatives of educational institutions, governments, financial institutions, and companies of various sizes. People write to praise, make requests for new material, and ask how they can use our material. Some write with requests to translate our cartoons, others ask us to help them redesign their client education.