Blog and publications
Cybersecurity Awareness: A Market for Lemons
Anyone who has ever felt like the hours they put in didn’t equate to the value received may understand the impact this can have on motivation to carry out the job. Ambition and determination or [...]
You can drag a horse to water but you can’t force it to drink…
Building a Cybersecurity and Privacy Learning Program: NIST Releases Draft SP 800-50 Rev. 1 I was recently asked to review and provide feedback for a new draft NIST document - Building a Cybersecurity and Privacy Learning Program: [...]
The Elephant in the Room: Security Culture Goes Beyond Compliance
Compliance—the adherence to security standards and processes—is a common sight in the cybersecurity industry. For example, organisations implement the National Institute of Standards and Technology (NIST) framework and the International Organisation for Standardisation (ISO) 27001 [...]
What is socio-technical security and why should we care?
Socio-technical security is an approach to cybersecurity and information security that recognizes the interplay between social and technical elements in safeguarding systems, networks, and data. It acknowledges that security is not solely a technological [...]
Essential Metrics for Managing Human Risk in Security: A Guide for Chief Information Security Officers
As Chief Information Security Officers (CISOs), the responsibility of protecting your organisation from security threats falls heavily on your shoulders. While technological safeguards play a crucial role, the human impact in security can have a [...]
6 Top Tips for Cybersecurity Awareness Campaigns
Here are 6 top tips to keep in mind when planning your campaigns: 1. Keep it simple - simplify language and don't use jargon terms 2. Keep it relevant (that starts with [...]
Is there a demand for psychometrics in cybersecurity?
(Courtesy of ChatGPT OpenAI) Yes, there is a growing demand for psychometrics in cybersecurity. Psychometrics refers to the field of study that focuses on psychological measurement, assessment, and testing. It involves measuring psychological traits, abilities, [...]
Cybersecurity Awareness, Cyber Alchemists and Critical Human Data
It takes an army to build an army. Big kudos to those responsible for designing and implementing cybersecurity awareness campaigns. They are the Cyber Alchemists of the 21st Century. Their job is to deeply understand [...]
How to catch a spy without discrimination
When liaising with those who are responsible for security vetting and background checking prior to the recruitment of personnel who have a special requirement to respect national security, one common thread stands out; much of [...]
Why security culture is reaching for the stars and recruiting for a security mindset is falling on the moon
The discourse around security culture has been inspiring. People responsible for technology are increasingly talking about people and culture and how important it is to build a security culture. No one could ever criticise this [...]