Re-thinking The Human Factor with Bruce Hallas

Marmalade Box
undefined
Feb 25, 2020 • 1h 6min

Applying Marginal Gains One Small Step At A Time, with Chris Fleming

Applying Marginal Gains One Small Step At A Time, with Chris Fleming. Chris Fleming steps in to join us for Series 3, Episode 3 of the Re-Thinking the Human Factor Podcast.  If you have been with us here for sometime you will know we strive to bring you the highest caliber guests for your listening delight.  After hearing Chris do an incredible presentation at the SANS conference on marginal gains (you all know how much we here at the podcast love those marginal gains) we knew he would be the perfect guest to bring on the show. Chris studied accounting and finance, but made a career change and is currently acting as Senior Manager of Global Security Culture & Awareness at an international insurance company. His approach to internal security is firmly rooted in understanding human behaviour to bolster security from within with both compassion and empathy.  To put it in Chris’s own words he is: ‘responsible for strengthening the human firewall...one nudge at a time.’    “Big gains can become apparent when small, incremental improvements are made across the board. In today’s interview we’ll be discussing how the various parts of the whole can be upgraded one small step at a time.”   JOIN CHRIS FLEMING AND BRUCE HALLAS AS THEY DISCUSS: Factoring human behaviour in to security procedure can allow a more empathetic reaction to security issues. Malicious insider risk, the human angle. Is a thief always just a bad egg?  Human behaviour can be affected by changes in external influences. Understanding these can create a better security culture. Creating a stronger network within internal security via education and the building of awareness, can open up the possibility of preventing internal risk. Internal support systems can be set up to help employees deal with difficulties. Small changes in the way issues are dealt with can have a huge impact. The importance of being well read to expand your knowledge.  How the aggregation of marginal gains can help you achieve your larger goal - When the British Cycling Team hired Dave Brailsford as its new performance director he changed tiny details within the teams cycling regime to change performance. Marginal gains is the concept of breaking down every single part of a whole to work on improving them individually, by as little as 1%. How simply changing a pillow had a knock on affect. The main hurdles we face when trying to apply change across a large company - When you as a team are tasked to change the security culture across an organisation it is a huge job and usually comes with little budget. A lack of manpower can be overcome by using the concept of aggregated marginal gains. Takeru Kobayashi, a professional speed eater, made incremental changes to improve his performance, breaking world records against all odds. Finding opportunities to apply material gains within security and awareness. Communications need little manpower or budget to be tackled. Simply changing the way an email is sent can reap measurable gains. Choosing your words wisely, language impacts response. Randomised controlled trials, otherwise known as AB testing, and how these help you fine tune your process.   Low risk and low investment — maximum rewards. A great compliment to larger initiatives.   RESOURCES AND TOPICS FOR FURTHER STUDY Dave Brailsford  Atomic Habits by James Clear The Kaizen Method   MORE ABOUT CHRIS FLEMING: Chris Fleming   Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.   Thanks for listening and sharing.   Bruce & The Re-thinking the Human Factor Podcast Team
undefined
Feb 18, 2020 • 1h 11min

What Security Awareness Professionals Can Learn From Marketers and Understanding the Customer Journey, with Kenda MacDonald

What Security Awareness Professionals Can Learn From Marketers and Understanding the Customer Journey, with Kenda MacDonald.   Kenda MacDonald joins us in the hot seat for Series 3, Episode 2 of the Re-Thinking the Human Factor Podcast. We are absolutely thrilled to have Kenda MacDonald on the show today. As I’m sure you’ll agree, she has the knack for pulling things together in a way that is easy for you, the listener, to understand and digest. We could have talked all day but we managed to stop ourselves….. just.   Formerly a forensic psychology major, Kenda MacDonald is now an award winning business owner, and the award winning author of ‘Hack The Buyer Brain’. Kenda is the founder and CEO of Automation Ninjas, and she sees her mission as helping forward thinking businesses get better quality leads that convert better, for happier customers that come back and spend more. The key to this is combining buyer psychology and marketing automation.   In our show today, we're going to dive into what we in the security awareness profession can glean from insights provided by marketers such as Kenda and their understanding of human behaviour and decision-making.   "It is incredibly important to know your target market and make sure they keep on coming back for more, and with so much data available to businesses these days, there really has never been a better time to do so."   JOIN KENDA MACDONALD AND BRUCE HALLAS AS THEY DISCUSS: The importance of making the time to tailor your customer journeys via understanding why and how your customers stay the long haul with you as a business provider — whilst remaining ethically tethered.  And how this can be applied to marketing and implementing your security awareness. How does knowing human behaviour and conscious consumerism aid your business? Prevent choice paralysis. Being able to cater directly to an individual and know whether to offer them ‘A’ or ‘B’ saves time and money for both you and your users. How giving people conscious choices they will want to make, for the benefit of all, can help get things done. A happy, fulfilled customer is bringing you, the service provider, customer lifetime value via loyalty and advocacy. Building your ambassador network by learning from how it is done in marketing loyalty schemes. Customer Lifetime Value: The benefits of a lifetime customer versus a one off purchaser, and what we can learn from this. Time viewed as a lifetime value. Gaining value via full attention and usage of apps.  It’s far more cost effective to spend time getting to truly know your audience, rather then thrashing about in the dark. Give people a positive experience with little friction and they will help to generate corporation and seed new awareness within the culture around them. The importance of data gathering when trying to shape human behaviour. Humans have developed to be social animals. They have group identities and labels whether they like to admit it or not. Like attracts like and stereotypes do exist. The Customer’s Journey can be applied when implementing security awareness-  The customer’s journey is everything a consumer has to do along a path to buy and utilise a product. Avoid making the mistake of forgetting about the fact that purchasing something is only one part of a long journey as a consumer. By utilising customers’ ‘moments of truth’ you gain more lifetime value from them.  Understanding mental biases -  The brain creates a great deal of rule sets to help it make sense of the reality around it.   A cognitive bias is a systematic error in thinking that affects the decisions and judgments that people make. Some of these biases are related to memory. The individual can develop a bias towards a product or service due to recent repetition of exposure to it. The brain likes availability and ease of use. Marketing security more effectively and driving behaviour using the Heroes Journey -  Craft content to make your user feel like a hero in their own story,  Validate with data to see if your users are looking for the content you are providing. How gathering data helps you understand the wants and desires of your customers to aid you in bringing them their happily ever after.   RESOURCES AND TOPICS FOR FURTHER STUDY Hack The Buyer Brain A Prescription For Cutting Costs The Availability Bias The Sunk Cost Fallacy   MORE ABOUT KENDA MACDONALD: LinkedIn https://www.automationninjas.com/   Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.   Thanks for listening and sharing.   Bruce & The Re-thinking the Human Factor Podcast Team
undefined
Feb 11, 2020 • 1h 7min

Reducing Cyber Risk By Reducing Friction, with Jason Hoenich

Reducing Cyber Risk By Reducing Friction, with Jason Hoenich Jason Hoenich joins us as we return for Series 3, Episode 1 of the Re-Thinking the Human Factor Podcast. We are glad to be back after our hiatus having made a few changes to the podcast that we hope will add value and increase our reach so we can continue making security and behaviour awareness an engaging topic for all. Both a security vendor and a sponsor of this podcast, Jason is a leader in the security awareness arena and a well-known speaker and blogger on the subject of awareness. He is the creator of the popular Hashtag Awareness video series and he brings over a decade of experience developing world-class awareness programs for companies including The Walt Disney Company, Activision Blizzard, and Sony Pictures Entertainment. Currently the President of Habitu8.   ‘We live in the age of ‘Peak TV’ — people expect and demand high quality, binge-worthy content. If your training can grab their attention in the first 10 seconds and keep them engaged, that’s your chance to influence them and make them actually want to learn.’ - Jason Hoenich.   JOIN JASON HOENICH AND BRUCE HALLAS AS THEY DISCUSS: What challenges does one come across when applying security awareness across a behemoth such as Disney? The importance of flexibility when addressing different types of professionals coming from different mind sets. Left brain versus right brain professionals need different methods of communication. How flexibility enabled a safe space to explore new ideas and growth within user engagement. The challenges of influencing behaviour within specific environments.  Looking for friction within different departments and accepting the reality that one cap does not fit all. Understanding each department within an environment personally by spending time to observe the way they prefer communications to be presented. The issue of time when taking a more nuanced approach to security across departments: Dealing with company preconceptions about how security and behaviour awareness looks. There is a need to market security correctly to get people to change their behaviour. Making decisions easy for user engagement.  Setting expectations that are realistic is vital to the success of the mission to update security protocols across a company.  Identifying stake holders and how it aids success: The foundational action is to engage key stake holders early on for optimum results.  Corporate communications need to be brought into alignment quickly and painlessly. Selling the broader strategy and strengthening the internal ambassador network. The importance of change and how to tackle bias. Looking for ways to make communications more engaging. Crafting media to suit the audience and appeal to their attention span. How does staying fresh and relevant effect engagement?  The famous ‘jam experiment’ and what can be gleaned from it. Choice architecture and applying it to security and human behaviour. A small amount of high quality choice equals a greater reaction. Understanding whether or not the process makes sense to the users to remove any friction. Role of regulators -  Just because the law says it must be done, does this mean it gets done?  Are regulations aiding the job of security awareness and education managers and is there any room for creativity? We cannot treat humans the same way we treat computers and the digital realm. Human behaviour needs to be accounted for. Reducing the risk of noncompliance via applied understanding of human behaviour.   RESOURCES AND TOPICS FOR FURTHER STUDY https://scottfenstermaker.com/too-much-choice-the-jam-experiment/ bruce.hallas@marmaladebox.com https://www.marmaladebox.com/training/   MORE ABOUT JASON HOENICH LinkedIn https://www.habitu8.io/   Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.   Thanks for listening and sharing.   Bruce & The Re-thinking the Human Factor Podcast Team
undefined
Jun 6, 2019 • 1h 19min

Effective Leadership and Successful Organisational Change, with John P. Kotter

The Road to Effective Leadership and Successful Organizational Change, with John P. Kotter   John P. Kotter joins us on the show for episode 25 of the Re-Thinking the Human Factor Podcast.   We know that while some of our listeners will see his name and ask themselves, “Who?”,  those who are familiar with John P. Kotter’s work will be asking, “How?”. As in, ‘How did they get him on the podcast?’. Wherever you find yourself on the spectrum, we are very excited to bring you this interview with someone whom we consider to be a living legend.   John P. Kotter is regarded by many as the authority on leadership and change. He is a New York Times best-selling author, award winning business and management thought leader, business entrepreneur, inspirational speaker and Harvard Professor. Kotter’s ideas, books, speeches, and company, Kotter International, have helped mobilise people around the world to better lead organisations, and their own lives, in an era of increasingly rapid change.   Change management is an area in cyber security that requires consistent learning, creativity, re-tooling, and re-thinking. We know that. So we are excited to share this pertinent interview with you today. JOIN JOHN KOTTER AND BRUCE HALLAS AS THEY DISCUSS: The importance of having time for reflection in order to bring about clarity of thought. Clarity is the door to creativity, curiosity, innovation, and ultimately, change. We have two systems operating at a subconscious level - Survival Mode, a system developed over time to help us identify and respond to threats quickly in order to to ensure survival. Thrive mode, which is the brain’s system for recognising opportunity and is most likely responsible for our species emerging from the Savannah and from caves. Understanding these two modes is important. An organisation whose leaders and workers operating most often in Survival Mode will have a far more difficult time accessing the clarity and creativity that Thrive Mode affords us. This ultimately means that change and innovation will be more difficult to accomplish in those organisations. What factors are present in organisations that have successfully implemented organisational changes vs. those that fail to meet their objectives. Understanding various barriers to change, such as - How our dominant survival trait when married with desire for consistent output creates an environment where change is difficult Complacency, a huge barrier to change False urgency, which is driven by the Survival system The power of a Guiding Coalition to help achieve organisational change and the difference between that style of leadership vs. traditional management styles Best practice around communication - Emotional communication is more sticky than dry, non-emotional messaging. Interestingly enough, a person with buy-in for an idea is more likely to naturally convey emotion when speaking about the idea than the one who is going along because he/she has to do so. Frequency is also key to making messages stick Communicating ideas in various ways helps ensure the message is picked up by lots of different people Enabling situations where quick wins are possible for an organisation is a necessary practice for a few reasons - Establishing credibility for a change initiative is a huge issue at the beginning of the change process, and quick wins establish the necessary trust in an idea so that buy-in is possible. Quick wins then enact the Thrive System in the brain when the brain receives feedback that progress is being made. A series of wins keeps the Thrive System running and helps people to hang in for the long haul of proposed change.   RESOURCES AND TOPICS FOR FURTHER STUDY Guiding Coalitions The availability heuristic bias Survival Mode vs. Thrive Mode   MORE ABOUT JOHN P. KOTTER: LinkedIn   Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.   Thanks for listening and sharing.   Bruce & The Re-thinking the Human Factor Podcast Team
undefined
May 23, 2019 • 59min

What children's books can teach us about changing behaviour, with Todd Courtney

What children's books can teach us about changing behaviour, with Todd Courtney   Welcome to episode 24 of the Re-Thinking the Human Factor Podcast. Joining us on the show today is Todd Courtney, an author who has created a series of children’s books in partnership with his wife that are scientifically based and geared towards instilling children with healthy mindsets and positive behavioural circuitry. The catch is that behavioural patterns are almost completely solidified in the brain by the age of 7. Todd and his wife have created several children’s books with the goal of helping create balance in the minds of children. The aim is create balance between the messaging their young readers receive from their environment and personal relationships, with an inner neural network and idea landscape composed of positive affirmations and behaviours.   JOIN TODD COURTNEY AND BRUCE HALLAS AS THEY DISCUSS THE FOLLOWING: How the Max Rhymes books help instill positive behavioural patterns in young children. Cultural differences in how one’s “truth” is understood and how that truth effects behaviour. The influence of one’s close circle of friends or family on one’s truth, and how that might relate to groups in a work environment. Studies around behavioural influence initiatives and their effectiveness necessitate long-sightedness and patience to achieve accurate metrics and positive results. Only 1 / 10 adults ever change their behavioural patterns. Change must come from within, and change imposed from without will be met with resistance. How governments and other stakeholders in the industry are trying to educate children about internet usage safety and other topics around educating children.   RESOURCES MENTIONED How to be Idle by Tom Hodgkinson Culture and Security with Gert Jan Hofstede (Re-Thinking the Human Factor, Episode 6) Heather, Chase, and the Cynja Comic Series (Re-Thinking the Human Factor, Episode 2)   MORE ABOUT TODD COURTNEY: Max Rhymes Website LinkedIn   Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.   Thanks for listening and sharing.   Bruce & The Re-thinking the Human Factor Podcast Team
undefined
May 9, 2019 • 1h 4min

How to develop a security culture, interview with Gert Jan Hofstede

How to develop a security culture, interview with Gert Jan Hofstede Understanding the role of culture is crucial if we want to develop a security culture. Especially if we want to have a realistic chance of influencing behaviour, which is probably why we're wanting to develop a security culture in the first place. This is because culture is like a body of water. If you come at the water from high above at too high a velocity with a massive, weighty body of change, the body of water will act like a slab of concrete.  You'll get a very different response, however, if you approach the water from a closer range, at a slower speed and with something more streamlined. You’ll glide through to the underside of the water and be able to explore the intricate inner-workings of the ecosystem contained within. It’s that understanding which will guide your cyber security awareness, behaviour, and culture initiatives towards a greater chance of success.     Gert Jan Hofstede joins us for a second time on the show for Episode 23 of the Re-Thinking the Human Factor Podcast. Gert Jan is a population biologist and social scientist hailing from the Netherlands. His research and publications have provided many with deeper understanding in the areas of cultural evolution, societal change, cultural stability, and how those forces interact with and have influence upon one another. Gert Jan is also known for his work in social simulation as well as for a number of books he has co-written with his father, Geert Hofstede.     “This is where culture is really at its most useful. To know that similar social results… to take a group where it should go, have to be reached by different ways by different routes in different cultures.”     JOIN GERT JAN HOFSTEDE AND BRUCE HALLAS AS THEY DISCUSS: Brexit, and drawing a comparison between the importance of understanding the cultural dimensions at play in Britain, and likewise, the cultural forces at play in one’s organisation.   The importance of recognising and acknowledging that we don’t even recognise our own cultural biases and the errors that lack of understanding of ourselves can cause.   Increased usage of the word 'culture', especially in job titles, as companies strive to develop a security culture.   How the meaning of the word 'culture' can easily differ from organisation to organisation depending on the broader cultural context of the society in which the organisation is situated. This is because the social and technical systems of an organisation are dovetailed in everyday behavioural dynamics   Along with being cognisant of cultural differences, we also needs to learn how to properly interpret those differences. We have to remember that our brains naturally make quick decisions about people and groups, who’s in and who’s out.   Has culture evolved to help us address our deep seated anxiety about the unknown?   The status quo bias - that people stay rooted in doing what they normally do until it gets to the point where it’s a disaster.   You can’t change the culture of a society, but you can change the culture of an organisation, but it’s very hard and takes time.   Influencing an existing culture vs. creating a new security culture, and whether or not one can or should develop a security culture that's separate.   Values dimensions and using a whistleblower. This is an example of how values can influence societal responses to these kinds of people in differing ways depending on the values of the culture within which the whistleblower is situated.   Using a cultural framework to look at incidence reporting in which people report on themselves for their mistakes.   A helpful tip for those working in multicultural environments for working through the behavioural differences they experience.     “I think there’s nothing better than international experience with reflection.”     RESOURCES AND LINKS FOR FURTHER RESEARCH: Gert Jan Hofstede’s first appearance on the Re-Thinking the Human Factor Podcast   MORE ABOUT GERT JAN HOFSTEDE: LinkedIn Website   Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.   Thanks for listening and sharing.   Bruce & The Re-thinking the Human Factor Podcast Team
undefined
Apr 25, 2019 • 1h 7min

Eliciting Intrinsic Motivation and Reframing Problems, with Rachel Lawes

Eliciting Intrinsic Motivation and Reframing Problems, with Rachel Lawes   Rachel Lawes joins us for Episode 22 of the Re-Thinking the Human Factor Podcast. Rachel gave a fantastic interview back in Series one of the podcast, and if you haven’t had a chance to listen yet, please check it out here when you’re able. We’ve received feedback from a few people recently about how they were really blown away by what Rachel had to say about semiotics as well as how she spoke more broadly about branding, behaviour, and the role of semiotics in behaviour and culture.    Rachel is the author of some of the earliest published papers in semiotics and she’s proud to have been involved at a time when it was first emerging in the UK. She uses it, and her academic background in social science, to rejuvenate brands, innovate products and services and steer comms. She conducts research projects using semiotics, ethnography and discourse analysis. She delivers training for client side and agency users, and she supplies consultancy to ad agencies and large branding agencies. She also works with universities because she loves to teach.   “People are shocked at what they fall for when they think they’re actually defending themselves…”   JOIN RACHEL LAWES AND BRUCE HALLAS AS THEY DISCUSS: Some clever and engaging videos created by airlines as well as one created by Burger King that featured Snoop Dog, the difference between having an engaging comms piece vs. one that actually elicits behavioural change, and budget issues many cyber security awareness professionals are up against when it comes to the creation of engaging awareness materials. Thinking of Security as a product, almost from a branding or marketing sense. The fact that humans get used to information they see over and over, so it is important to consistently apply innovation to crafting awareness and training materials. Film, audio, visual approach to creating awareness and training campaigns and whether or not there’s a better way to accomplish the same goal. The use of incentives within awareness and training campaigns - do they work? If not, what’s a better way to elicit engagement and behaviour change from campaigns? Extrinsic vs. intrinsic motivation, and which is more effective in catalyzing behaviour change. How science has shown that intrinsic motivation is more long-lasting than extrinsic motivation, but for many organizations, a good portion of their awareness budget is spent on incentives, which are extrinsic in nature. With budgets being an issue, would it not be better to spend the money on something that would have an intrinsically motivating effect? It’s possible that incentives have their place to accomplish short-term, tactical awareness measures. However, heads of organizations must be communicated with regarding the short-term nature of the incentives program for which they they are approving money, and they also need to know to be prepared for the need for longer-term, intrinsic measures to be funded. The fact that some operate on the model that use of fear, uncertainty, and doubt as scare tactics are going to get people’s attention (a practice based on a study of Maslow’s “Hierarchy of Needs” concept). Rachel has a different take on this, though, and health campaigns geared towards getting folks to stop smoking stand as a shining example of what she has to say. Bruce also posits that instead of fear, cyber security professionals should create policies that are easier to accomplish than those that were enacted previously. Alleviating friction, alleviating the heaviness (fear / uncertainty) of a policy actually increases the likeliness of compliance. The environment in which people are making decisions about whether or not to comply with a policy will have triggers. Those triggers, when they are triggered, are going to increase the likelihood that people aren’t going to choose to comply.  So, understanding the environment first, and understanding that we make choices in that environment, are core parts of what cyber security professionals must do. The difference between telling people what they need to do vs. telling people what they need to do and explaining why. That awareness and training managers should use the word “DON’T” as little as possible when explaining policies and procedures, while a more successful approach will be to  explain what people should “DO”.     RESOURCES AND LINKS FOR FURTHER RESEARCH: Semiotics ISC2 Maslow’s hierarchy of needs pyramid Allen Carr Re-Thinking the Human Factor episode with Dan Ariely in which ‘choice architecture’ is discussed David Halpern - Inside the Nudge unit MORE ABOUT RACHEL LAWES: LinkedIn   Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.   Thanks for listening and sharing.   Bruce & The Re-thinking the Human Factor Podcast Team
undefined
Apr 4, 2019 • 55min

Episodes Review with Nathan Mielke, Director of Information Technology & Cyber Security Manager

While Nathan Mielke was teaching a cyber security lesson in homeroom at the Hartford Union High School in Wisconsin, the school experienced a distributed denial-of-service (DDoS) attack that took them down for about a class period. While the identity of the attacker was never discovered, Nathan is fairly certain the attacks were coming from a student’s phone, or as it goes in classic American Horror films, the call was coming from inside the house…   Episodes Review with Nathan Mielke, Director of Information Technology & Cyber Security Manager   Nathan Mielke joins us for this episode of the Re-Thinking the Human Factor Podcast. Nathan is from Milwaukee, Wisconsin, and he’s a Director of Information Technology & Cyber Security Manager combining high-level security and systems domain administration experience with a background in leading infrastructure development, data solutions, and information risk programs. His job is to manage training, data intelligence, risk, cyber defence, and investigation activities to safeguard users, secure assets, and ensure high-level security and systems domain administration. He and his team stay updated on the latest trends in security equipment/technology to not only keep the organisation safe but also on the cutting edge.   Interestingly, Nathan began his career as a Librarian, took a turn into the IT realm, and through a series of DDos attacks and other events has brought him to where he is now.   In this episode, Nathan Mielke joins Bruce Hallas to discuss insights they’ve both picked up while listening to the previous 3 episodes of the Re-Thinking the Human Factor Podcast: Char Sample Jonathan Armstrong Bennett Arron   “But ultimately, when something goes wrong, you will be judged on the thinking process that you had behind the choice that you made…”   SOME OF THE TOPICS NATHAN AND BRUCE DISCUSS IN THIS EPISODE ARE: What is it that drew Nathan to the Human Factor, the people piece? Bennett Arron’s routine involving asking if any people in the crowd had been arrested and the lesson of timing and easing one’s audience into heavier, more difficult topics. Char Sample, culture as a vector for attack, and how Nathan incorporates that insight into his goals for increasing security awareness for the educators he works with. As was pointed out in Jonathan Armstrong’s episode, people must rehearse for what happens in the case of a security breach, and each of the involved organisational teams (i.e. Cyber, Lawyer, PR, etc) need to know how to work together in those situations to solve issues quickly and effectively. Regarding the human factor piece, do we think of awareness as being internal-facing only, or should we be considering that awareness is also about external stakeholders that may have an interest in what we’re doing? How medium to small size businesses are the ones often flying by the seat of their pants when it comes to security awareness, behaviour, and culture. The probability that people who work in a positive cultural environment are more likely not only to retain training, but also to stop, think, ask questions, and behave in a safer more thoughtful manner than those who work in negative, stressful cultural environments. Stress those who are CISOs or Security Managers experience based on tight budgets and expectations born from the false belief many organisational leaders hold that if IT and security managers are doing their jobs, nothing bad is going to happen, ever; and how that stress effects the performance of those in charge of security awareness, behaviour, and culture for an organisation. How security and awareness managers and leaders need to be sure to build and maintain trust and a positive relationship with others in their organisations in order to bolster security efforts organisation-wide.     “Your data breach is coming. Are you prepared for it?”     MORE ABOUT NATHAN MIELKE: LinkedIn   Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.   Thanks for listening and sharing.   Bruce & The Re-thinking the Human Factor Podcast Team
undefined
Mar 21, 2019 • 52min

Using Humour to Raise Cyber Awareness, with Bennett Arron

How a Victim of Identity Theft Uses Humour to Generate Cyber Awareness, with Bennett Arron   Welcome to Episode 20 of the Re-Thinking the Human Factor Podcast. Joining us on the show today is Bennett Arron, Bennett was one of the first major victims of Identity Theft in the UK. According to the Police and credit reference agencies, he owed thousands of pounds to phone companies, banks and department stores. The only thing was, it wasn’t him. This theft resulted in Bennett becoming penniless and homeless.   A comedy about identity theft Years later, Bennett wrote a comedy show about his experience. The show was critically acclaimed at the Edinburgh Festival and led to Bennett being asked to direct and present the documentary 'How To Steal An Identity' for Channel 4. How to steal an identity In the documentary, Bennett proved, through a series of stunts, how easy the crime of ID theft is to carry out by first stealing the identities of the general public and then, rather foolishly, stealing the identity of the Home Secretary. The documentary was 'Pick of The Week' in The Guardian and The Telegraph and was called ‘Fascinating and Disturbing’ by the TV Times. Bennett was shortlisted for a BAFTA. As a result of Bennett’s programme, the UK Driving Licence Application Form had to be changed… The programme can be viewed below (and you don’t even have to put in your bank details to watch!). https://www.youtube.com/watch?v=-URDjwb0fS4   Bennett now tours the world, telling his disturbingly true yet funny account of what it’s like to have your identity stolen and revealing the devastating consequences of making a documentary ‘in the public interest’. He was the Guest Speaker at the International Fraud Convention in Italy, the International Congress on Anti-Fraud and Anti-Corruption in Poland (twice), the Security Forum in South Africa and the opening keynote speaker at AUScert, Brisbane in front of 2000 delegates. In addition to this, Bennett also speaks to Management and Customer Service Staff on the subject of Data Protection and GDPR showing how the repercussions from clerical, computerised or face-to-face errors can be devastating. “People are shocked at what they fall for when they think they’re actually defending themselves…” JOIN BENNETT ARRON AND BRUCE HALLAS AS THEY DISCUSS THE FOLLOWING: Trying to stir emotion in an audience is one thing, but being emotional yourself helps that. However you’re going to communicate to your audience, it’s going to be much more powerful if the person creating the content has emotional investment in the topic. Whether or not humour is as powerful an ingredient in effective communications as it is thought to be. The importance of having good timing when using humour in communications. Are there underlying processes one can learn to become funny or get better at being funny? Finding your voice. Knowing the right time for the right voice. The importance of tone of voice as well as tone of subject matter in effective communication. Humour as a softer means of communicating awareness initiatives or policy so that people’s responses and engagement with the information is more open. How laughter effects humans physiological and psychologically. That humour works across cultures as long as references are dropped that would be culturally irrelevant to the audience at hand.   MORE ABOUT BENNETT ARRON: Shopping Centre Scam Website LinkedIn   Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review. Thanks for listening and sharing Bruce & The Re-thinking the Human Factor Podcast Team
undefined
Mar 7, 2019 • 1h 10min

Awareness, Behaviour, Legal and Regulatory Requirements, with Jonathan Armstrong

Join Jonathan Armstrong, a lawyer who helps multinational clients with risk and compliance across Europe, as he discusses training/practice for reducing cyber attacks and addressing problems. The importance of education and awareness training, collaboration between legal and compliance professionals, and selecting quality online training for European responsibilities are highlighted. Methods for data transfer and data protection standards, regulators' perspective on training and compliance, and the significance of education and awareness in security standards and regulations are also explored.

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app