8th Layer Insights

Latest episodes

Sep 14, 2021 • 55min

Security ABCs Part 1: Make Awareness Transformational

This is the first of a two-part series covering Cybersecurity’s ABCs: Security Awareness, Behavior, and Culture. We touched on facets of Awareness in Episode 1 and Behavior in Episode 3. These two episodes cover the cybersecurity ABCs in a very pragmatic way, with this episode covering Awareness and Behavior and Episode 10 providing a deep dive into Culture.

Guests for this episode include Dr. Jessica Barker (co-CEO and Co-Founder, Socio-Technical Lead at Cygenta; author of Confident Cyber Security and co-author of Cybersecurity ABCs), Chrysa Freeman (Senior Program Manager for Security Awareness at Code42), Ian Murphy (Founder, CyberOff), and Lauren Zink (Senior Security Awareness Specialist at Boeing; author of LinkedIn Learning courses: Creating a Security Awareness Program and Building a Security Awareness Program: Phishing Simulations).

Guests: Dr. Jessica Barker, Chrysa Freeman, Ian Murphy, Lauren Zink

References, Resources & Books:
5 Things You May Not Know About Security Awareness Training, by Perry Carpenter
Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career, by Jessica Barker
Cybersecurity ABCs: Delivering awareness, behaviours and culture change, by Jessica Barker, Adrian Davis, and Bruce Hallas
The Dilemma: Should you phish test during the COVID-19 pandemic?, by Perry Carpenter
Down the Rabbit Hole: Why People Question the Value of Security Awareness, by Perry Carpenter
Do You Care More about What Your People Know, or What they Do? Coming to grips with the knowledge-intention-behavior gap, by Perry Carpenter
The Fundamental Importance of Choice and Variety in Security Awareness Program Content, by Perry Carpenter
G.I. Joe Public Service Announcements compilation
Perry Carpenter's (ISC)2 Info Security Professional Journal 4 episode series on Security Awareness (Episode 1, Episode 2, Episode 3, Episode 4)
People-Centric Security: Transforming Your Enterprise Security Culture, by Lance Hayden
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
Video: Simulated Phishing Campaign Notification for Your Users
Video: Coronavirus Phishing Post-Click User Education
Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future, by George Finney
What Reese’s Peanut Butter Cups can Teach Us about the Technology vs. Training Debate, by Perry Carpenter

Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski.
Aug 31, 2021 • 53min

The Risk Episode: Black Swans, Grey Rhinos, Angels & Demons

Risk is a funny thing – our minds are constantly looking for risk, scanning our environments and our available choices. And sometimes we do a great job at anticipating and avoiding risky situations. But that doesn’t mean that we are universally good at dealing with risk. In fact, we can be downright appalling at considering and avoiding risk.

In this episode, we explore the concept of risk, why we're so bad at understanding it, and the steps we can take to improve. Perry speaks with four risk experts who will help us understand the ups and downs of how we evaluate risk. We’ll touch on everything from Black Swans to Grey Rhinos to risk frameworks, risk equations, inbuilt risk in the design of computing interfaces, and more. Featuring Michele Wucker (author of The Grey Rhino and You Are What You Risk), Christian Hunt (Founder of Human Risk), Dr. Arun Vishwanath (Founder and Chief Technology Officer of Avant Research Group), and Matt Stamper (Chief Information Security Officer and Executive Advisor at EVOTEK and co-author of the CISO Desk Reference Guides vol1 & vol2).

Guests: Michele Wucker, Christian Hunt, Arun Vishwanath, Matt Stamper

Resources & Books:
Black Swan Theory
Grey Rhino Events
Various Risk Equations
Risk Perception Equation, Freakonomics
20 Cognitive Biases That Affect Risk Decision Making, SafetyRisk.net
Factor Analysis of Information Risk (FAIR) Framework
The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore, by Michele Wucker
You Are What You Risk: The New Art and Science of Navigating an Uncertain World, by Michele Wucker
Why are Humans Bad at Calculating Risk?, Cogency
Why You're Probably Not So Great at Risk Assessment, NY Times
Why the Human Brain is a Poor Judge of Risk, Wired
Humans are Terrible at Assessing Risk, by Kimberly Forsythe
Why We're Awful at Assessing Risk, USA Today
CISO Desk Reference Guides vol1 & vol2, by Bill Bonney, Gary Hayslip, Matt Stamper

Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski.
Aug 17, 2021 • 1h 11min

Going Mental: A Conversation with Banachek

In this episode, Perry Carpenter sits down with renowned mentalist and skeptic, Banachek. Banachek (Steve Shaw) grew up with a fascination in magic and a frustration with psychic frauds. As a teenager, he contacted magician and skeptic, James “The Amazing” Randi and ended up working with Randi on a special initiative known as Project Alpha, which set out to expose a general lack of objectivity in parapsychology research. Banachek served as the director for the James Randi Educational Foundation’s “One Million Dollar Paranormal Challenge” for 15 years and is now the President of the James Randi Educational Foundation. Perry and Banachek discuss Project Alpha, the ways of fake psychics and fraudulent faith healers, and issues associated with confirmation bias and framing effects. They also discuss Banachek’s new live mentalism show in Las Vegas, which incorporates theatrical mindreading and other mentalism effects along with a storyline that explores Banachek’s life, antics, and passion for critical thinking.

Guest: Banachek (Website) (twitter): Mentalist (Performing in Las Vegas add 'social' for 30% off tickets), Skeptic, President of the James Randi Educational Foundation

This episode also featured a quick comment from: George Finney: (LinkedIn); Chief Security Officer at Southern Methodist University; Founder of Well Aware Security

Books and References:
Banachek Wikipedia entry
Project Alpha Wikipedia entry
James Randi Wikipedia entry
Article about Houdini's efforts to debunk fake mediums
The Discoverie of Witchcraft Wikipedia entry
The Psychology of the Ouija
Barnum Effect Wikipedia entry
James Randi & Project Alpha Video
Project Alpha lookback -- James Randi and Michael Edwards
Psychological Subtleties vol 1, by Banachek
Behind the Scenes with the Mediums, by David Abbott
The Discoverie of Witchcraft
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter

Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
Aug 3, 2021 • 1h 4min

Embrace an Attacker Mindset to Improve Security

Have you ever taken time to view the world through the eyes of an attacker? Doing so is an interesting and useful exercise. Understanding the mind of an attacker is fundamental to securing your organization or aspects of your personal life. After all, if you aren't doing the job of viewing things from an attacker's perspective, that means that only the attackers are. The idea is to understand the mindset, motivations, and capabilities of a possible threat actor so that you aren’t simply oblivious to your vulnerabilities. This episode is a deep dive into attacker mindsets. We’ll hear from four experts who really know what it is to view the world through the eyes of an attacker. Featuring Chris Kirsch (DEF CON Social Engineering CTF Black Badge winner and co-founder of Rumble, Inc.), David Kennedy (Founder of Binary Defense and TrustedSec), Maxie Reynolds (Author of The Art of Attack: Attacker Mindset for Security Professionals, and Technical Team Leader, Social-Engineer, LLC), and Ted Harrington (Author of Hackable: How to Do Application Security Right, and Executive Partner at Independent Security Evaluators).

Guests:
Maxie Reynolds (https://www.linkedin.com/in/maxiereynolds/)
David Kennedy (https://www.linkedin.com/in/davidkennedy4/)
Chris Kirsch (https://www.linkedin.com/in/ckirsch/)
Ted Harrington (https://www.linkedin.com/in/securityted/)

Books and References:
Bruce Schneier blog about the Security Mindset: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
Origin of "Devil's Advocate": https://allthatsinteresting.com/devils-advocate-origin
Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/
12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds
Hackable: How to Do Application Security Right by Ted Harrington
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Threat Modeling: Designing for Security by Adam Shostack
Threat Modeling: A Practical Guide for Development Teams by Izar Tarandach and Matthew J. Coles
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter

Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
Jul 20, 2021 • 54min

Going Meta: A Conversation and AMA with Bruce Schneier

In this episode, Perry Carpenter interviews cybersecurity guru Bruce Schneier. Perry and Bruce explore how cybersecurity is about so much more than technology — it’s about people, so we benefit by taking a multidisciplinary approach. In preparing for this interview, Perry solicited his LinkedIn network to see what questions people had for Bruce. This is a wide-ranging conversation covering everything from Bruce’s thoughts on cybersecurity’s “first principles” to the impact that the pandemic had on society to the need for regulation to help raise the overall standards for security and privacy.

Guest: Bruce Schneier (https://www.schneier.com/blog/about/) (https://twitter.com/schneierblog)

Bruce's personal website 'about me' page: https://www.schneier.com/blog/about/
Wikipedia article about Bruce Schneier: https://en.wikipedia.org/wiki/Bruce_Schneier
Another background article about Bruce: https://www.cybersecurityeducationguides.org/bruce-schneier-legendary-cryptographer/
More Background on Bruce: http://academickids.com/encyclopedia/index.php/Bruce_Schneier
Bruce's Solitaire encryption algorithm: https://www.schneier.com/academic/solitaire/
More info on the Solitaire algorithm: https://www.schneier.com/blog/archives/2019/10/more_cryptanaly.html
Proximity Blindness: https://dannyozment.com/cant-see-the-forest-for-the-trees-the-dangers-of-proximity-blindness-2/
The story of the Blind Men and an Elephant: https://en.wikipedia.org/wiki/Blind_men_and_an_elephant
Cryptography After the Aliens Land: https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html
Secrets and Lies book preface with "If you think" quote: https://www.schneier.com/books/secrets-and-lies-pref/
"if you think cryptography" quote: https://news.ycombinator.com/item?id=19589899

Recommended Books (Amazon affiliate links):
Applied Cryptography: Protocols, Algorithms and Source Code in C, by Bruce Schneier
Beyond Fear: Thinking Sensibly About Security in an Uncertain World, by Bruce Schneier
Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, by Bruce Schneier
Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto, by Roger Grimes
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, by Bruce Schneier
Liars and Outliers: Enabling the Trust that Society Needs to Thrive, by Bruce Schneier
Secrets and Lies: Digital Security in a Networked World, by Bruce Schneier
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter

Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
Jul 6, 2021 • 1h 1min

Deceptionology 101: Introduction to the Dark Arts

Have you ever noticed how fundamental deception is to the human condition? Deception and forms of social engineering have been with us since the beginning of recorded history. And yet, it seems like we are just as vulnerable to it as ever. But now the stakes are higher because technology allows social engineers to deceive at scale.

This episode explores the psychology of deception, provides a foundation for understanding social engineering, offers a few mental models for exploration and exploitation, and discusses how we can prepare our mental defenses.

Guests:
Rachel Tobac: (LinkedIn), CEO of SocialProof Security
Chris Hadnagy: (LinkedIn); CEO of Social Engineer, LLC; Founder of Innocent Lives Foundation; Founder of Social-Engineer.org
Lisa Forte: (LinkedIn); Partner at Red Goat Cyber Security; Co-Founder Cyber Volunteers 19
George Finney: (LinkedIn); Chief Security Officer at Southern Methodist University; Founder of Well Aware Security

Notes & Resources:
CSO Online article on Social Engineering
OODA Loop
Understanding Framing Effects
More examples of Framing Effects
Harvard Business Review article on the Principles of Persuasion
A blog series I did on Deception (Part 1), (Part 2).
PsychologyToday article on Social Engineering

Recommended Books (Amazon affiliate links):
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick
Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You by Chris Hadnagy
Influence, New and Expanded: The Psychology of Persuasion by Robert Cialdini
Pre-Suasion: A Revolutionary Way to Influence and Persuade by Robert Cialdini
Practical Social Engineering: A Primer for the Ethical Hacker by Joe Gray
Social Engineering: The Science of Human Hacking by Chris Hadnagy
Thinking, Fast and Slow by Daniel Kahneman
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future by George Finney

Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
Jun 22, 2021 • 1h 9min

This is BS!

Ever wrestled with the fact that people often make horrible security decisions even though their employers have security awareness programs in place? It's often because we assume that being aware of something should naturally result in better behavior. Well... that's not the case. This episode takes a deep dive into the knowledge-intention-behavior gap where we are confronted with three realities of security awareness. And those realities lead us to the realization that we need to focus on behavior.

Guests for this episode are all leaders in the fields of Behavioral Science. They are BJ Fogg, Ph.D., author of Tiny Habits: the Small Changes that Change Everything, Matt Wallaert, author of Start at the End: How to Build Products That Create Change, and Alexandra Alhadeff, co-author of Deep Thought: A Cybersecurity Story.

Guests:
BJ Fogg, Ph.D. -- Behavior Scientist & Innovator at Stanford University. (Personal website) Author of Tiny Habits: The Small Changes That Change Everything. (Amazon link)
Matt Wallaert -- Head of Behavioral Science at frog (a Capgemini company). Author of Start at the End: How to Build Products That Create Change (Amazon link)
Alexandra Alhadeff -- Behavioral Scientist & Product Manager at The Fabulous. (Personal website)

Notes & Resources:
BJ Fogg testimony to the 2006 US Federal Trade Commission about the dangers of persuasive technology.
Fogg Behavior Model
About Nudge Theory
Multiple examples of Nudging
Great catalog of Dark Patterns
Ideas42 cybersecurity-related behavioral science research.
Deep Thought: A Cybersecurity Story, by Ideas42.

Recommended Books (Amazon affiliate links):
Tiny Habits: The Small Changes That Change Everything, by BJ Fogg, Ph.D.
Start at the End: How to Build Products That Create Change, by Matt Wallaert
Nudge: Improving Decisions About Health, Wealth, and Happiness, by Richard Thaler and Cass Sunstein
Inside the Nudge Unit: How Small Changes Can Make a Big Difference, by David Halpern
Evil by Design: Interaction Design to Lead Us into Temptation by Chris Nodder
Thinking, Fast and Slow by Daniel Kahneman.
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter.

Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
Jun 8, 2021 • 1h 4min

The Battle for Truth: Disinformation, Misinformation, & Conspiracies

This is an episode about the battle for truth. As disinformation, misinformation, malinformation, and conspiracy theories seem to be hitting epidemic levels, how can we help each other determine what is real and what is fake? How can we help people who are falling down conspiracy rabbit holes? And what roles do technology companies, governments, and ordinary citizens play?

Perry Carpenter speaks with acclaimed cybersecurity expert, Bruce Schneier, disinformation experts, Samantha North and Allie Wong, and conspiracy theory researcher, Mick West. In this episode, we also hear from Peter Leyden from Reinvent and Eli Pariser, author of The Filter Bubble.

Learn more about our guests here:
Bruce Schneier - Internationally renowned security technologist, author, and speaker. You can find Bruce's website here.
Allie Wong - VP of Mis/dis/mal-information, Response and Resiliency, Limbik; Consultant, United Nations Institute for Disarmament Research. (LinkedIn)
Samantha North - Disinformation researcher and consultant. (LinkedIn) Co-Founder: North Cyber Research (website)
Mick West - Skeptical investigator and retired video game programmer. Creator of the websites Contrail Science (website) and Metabunk (website). Author of Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect (link). Personal website (link).

Special thanks to Reinvent for allowing use of audio.

References:
http://reinvent.net/events/event/how-we-can-pop-the-filter-bubble-with-eli-pariser/
https://reboot-foundation.org/study-social-media-poor-judgment/
https://reboot-foundation.org/is-there-a-fake-news-generation/

Recommended Books (Amazon affiliate links):
Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect by Mick West.
Click Here to Kill Everybody: Security and Survival in a Hyper-connected World by Bruce Schneier.
The Filter Bubble: How the New Personalized Web Is Changing What We Read and How We Think by Eli Pariser.
Thinking, Fast and Slow by Daniel Kahneman.
Why Are We Yelling?: The Art of Productive Disagreement by Buster Benson.
The Righteous Mind: Why Good People Are Divided by Politics and Religion by Jonathan Haidt.
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter.

Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
May 25, 2021 • 53min

Unleashing Trojan Horses for the Mind

This episode explores the concept of “Trojan Horses for the Mind.” There are four Trojan Horses. They are: emotion, sound, visuals, and words/story. Using these Trojan Horses will help us increase the signal-to-noise ratio in our communications, bypass mental defenses, and embed messages within the minds of our audiences.

To explore the concepts related to this, Perry speaks with voice actor, writer, and producer, Rob McCollum; author, marketer, and storytelling expert Joe Lazauskas; and executive storyteller coach and trainer, Stephanie Paul.

Learn more about our guests here:
Rob McCollum -- Voice actor, script writer, director, producer (LinkedIn). Rob's IMDB page.
Joe Lazauskas -- Head of Marketing at Contently. Author of The Storytelling Edge. LinkedIn. Amazon affiliate link to book.
Stephanie Paul -- Executive Storyteller, Coach, Speaker, and Trainer (LinkedIn). Stephanie's website.

Resources:
Special offer: Stephanie Paul is offering a $5.00 discount off her book, The WhyGuide to Storytelling. Just visit here and use the coupon code HACK4U at checkout.
For more about the Trojan Horses for the Mind, check out Perry’s book, Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors.

Amazon affiliate links to books mentioned:
The Storytelling Edge
Save the Cat!
Transformational Security Awareness

Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
May 4, 2021 • 5min

Introducing 8th Layer Insights

Coming May 25, 2021. Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. This podcast is a multidisciplinary exploration into how the complexities of human nature affect security, risk, and life. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more.
