The Accidental Security Specialist, with David Shipley.
Living up to our promise to bring you fantastic guests, David Shipley joins us for Series 3, Episode 6 of the Re-Thinking the Human Factor Podcast. Time to go phishing so grab your rod.
David is a self-professed accidental cyber security professional, but has spent time as a soldier, newspaper reporter and marketer. After a hack occurred within his company, David grew increasingly interested in cyber security and was asked to take on this role there.
Currently based in Canada, David is an award-winning entrepreneur and head of Beauceron Security. Beauceron's holistic approach to measuring and reducing cyber risk brings together threat intelligence, user education and awareness, simulated attacks and real incident data into an easy-to-use and deploy cloud platform that transforms cybersecurity from an IT-centric issue into a pan-organization management opportunity.
IN THIS EPISODE, DAVID SHIPLEY AND BRUCE HALLAS DISCUSS:
- The sheepdog effect.
- Turning the cyber victims into defenders.
- Empowering the person.
- The importance of driving behavioural reinforcement within a culture to keep positive cyber security behaviour thriving.
- Getting the metrics correct: repeat clickers and what we can learn.
- Taking the time to make sure people really retain new cyber security-related information and behaviours.
- Phishing fallibility:
- Is someone’s emotional state a factor to be considered?
- The 8 emotional scale.
- Fear response, social hijacking and engineering.
- How time affects people’s behaviour during a 24-hour period.
- The power of keeping calm. Speed can often be your enemy.
- The Power Model - what it is and how it can be used to boost cyber-security awareness:
- People, environment, actions and resources.
- Creating an easy to use protocol to gauge involvement.
- Learning from each other. Building a solid support structure.
- Black box culture - going deeper into more effective cyber security training:
- Talking about issues without laying blame.
- The story of the mayor that got phished.
- Learning from mistakes in proactive ways. Rewarding right behaviour.
- Scoring people and then helping them improve their performance within the security culture.
- Compliance:
- Exceeding compliance via relative, contextual, timely informative videos.
- Treat your audience like adults.
- Using surveying as a tool to generate better metrics around risk and awareness:
- The importance of your baseline and the importance of a good survey.
- How does bias affect survey answers and are there ways around it?
- Using video responses to surveying to offer training in weak spots and offer guidance and support to colleagues.
- Start a positive feedback loop.
- Phishing attacks and data strategy.
- Data gathering from ‘time to click’ data proves to be very fruitful at limiting risk.
- Huge amounts of data are available to be mined to design cyber security awareness and education pieces that change behaviour.
- Having a strategy for data gathering is crucial. Learning when people click leads to a defined process towards a positive security culture.
- Cyber Security Marketing.
- The same tools that marketing applies can be used when trying to form a new culture of awareness within a business.
- What is a KPI clash?
- Where is the cyber security industry failing?
- Not enough focus on the human factor.
- Not enough funding for training.
- Real meaningful change comes with data and planning correctly.
- Data-driven decision making around security awareness.
- The need for sharing resources exists to help strengthen the entire security industry.
Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share it with your friends and colleagues and leave a 5-star rating and review.
Thanks for listening and sharing.
Bruce & The Re-thinking the Human Factor Podcast Team