CISO Tradecraft®

#264 - Behavioral Insights (with Dr. Dustin Sachs)

Dec 22, 2025
Dr. Dustin Sachs, a former deputy CISO and expert in behavioral science, dives into the complexities of human decision-making in cybersecurity. He reveals how cognitive biases and stress alter employee behavior, often undermining security efforts. Dustin advocates for designing security strategies that align with real human behavior rather than strict policies. He highlights the necessity of integrating security into developer workflows and adapting best practices for organizational contexts, showing how small behavior changes can enhance security outcomes.
INSIGHT

People, Not Policies, Drive Security

  • Humans make decisions under bias, fatigue, and incentives that often break security assumptions.
  • Design security around actual human behavior, not idealized policy-driven behavior.
INSIGHT

Culture, Not Tech, Sinks Projects

  • Culture, not technology, usually determines digital transformation success or failure.
  • Security initiatives fail when they ignore the organization's real incentives and default behaviors.
ANECDOTE

Cookie Reward Reframe Worked Wonders

  • Dustin reframed a child's request: allow a cookie only after dinner to change behavior.
  • The subtle semantic shift achieved both goals with less resistance and better compliance.