Defense in Depth

Security That Accounts for Human Fallibility

Mar 30, 2023

This podcast discusses the need to build security programs that account for human fallibility and why users should be educated instead of managed. It also highlights the importance of creating a culture of psychological safety, protecting employees, and understanding normal behavior for identifying security risks. Additionally, the speakers emphasize the responsibility of users to handle data securely and the significance of user experience and easy security processes.

31:55

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Building security programs that account for human behavior is crucial to effective cybersecurity.

Creating a culture of psychological safety and empowering users leads to better compliance and increased security.

Deep dives

Building Security Programs to Account for Human Behavior

Building effective security programs that account for human behavior is crucial. Many scams and attacks are designed to trick people, so it is important to understand that users will inevitably make mistakes. Instead of blaming and managing users like children, security practitioners should focus on educating and empowering them as accountable adults. The expectations we have on our users need to be clear, and security programs should be designed to support them rather than punish them. Additionally, systems should be designed to account for human failure and manage the containment of attacks.

Introduction

4min

Human Failure in Cybersecurity

10min

Protecting Employees and Changing the Security Conversation

4min

Creating a Culture of Psychological Safety and Understanding Normal Behavior

7min

User Responsibility and Smooth User Experience

3min

Importance of User Experience and Security Processes

5min

All links and images for this episode can be found on CISO Series.

We expect our users to be perfect security responders even when the adversaries are doing everything in their power to trick them. These scams are designed to make humans respond to them. Why aren't we building our security programs to account for this exact behavior that is simply not going to go away?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ken Athanasiou, CISO, VF Corporation.

Thanks to our podcast sponsor, Code42

In this episode:

Why do we expect our users to be perfect security responders even when the adversaries are doing everything in their power to trick them?
Aren’t these scams designed to make humans respond to them?
Why aren't we building our security programs to account for this exact behavior that is simply not going to go away?
Why do so many security practitioners treat our users as children to be managed instead of adults to be educated and assigned a level of accountability?

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Defense in Depth

Security That Accounts for Human Fallibility

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Building Security Programs to Account for Human Behavior

Balancing Accountability and Support for Users

Understanding User Behavior and Designing Effective Controls

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Defense in Depth

Security That Accounts for Human Fallibility

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Building Security Programs to Account for Human Behavior

Balancing Accountability and Support for Users

Understanding User Behavior and Designing Effective Controls

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights