Created with Sketch.
Re-thinking The Human Factor with Bruce Hallas
54 minutes | Nov 29, 2021
Understand the forces at play.
Our guest, is Dr. Ben Evans. Ben is an aeronautical engineer, and he’s applying his understanding of the forces at play, to the seemingly insurmountable challenge of conquering the breaking a world record at the Bloodhound Land Speed Project. Ben talks about the laws of science and engineering which help him to find the marginal opportunities for improvement which are helping the team towards breaking the world record. But, in this interview, it’s also clear to me, that success is a matter of teamwork often with colleagues with different and sometimes conflicting priorities. Understanding the forces at play includes understanding science and nature, even when it comes to human awareness, behaviour and culture, but it’s also about understanding the forces at play across stakeholders, where often conflicting priorities and interests can arise. Getting the “Team” aspect right, you could argue is as important as the science which drives decision its self.
49 minutes | Nov 3, 2021
The human factor. A view from Brazil.
In this episode we look through the eyes and experiences of an education and awareness manager from Brazil. We explore the consistent challenges, no matter where you are or what your culture is, when it comes to employee awareness, behaviour and culture.
48 minutes | Oct 18, 2021
Versace, Burberry and Lacoste. Thoughts from branding.
In this episode we delve into the world of branding with the out standing Geraldine Michel and explore possibilities for security professionals responsible for the human factor. We draw on lessons from the world of fashion, by skirting through branding and how Brand Directors and Managers utilise this mammoth of the modern day commercial world to shape and influence behaviour and culture.
65 minutes | Oct 5, 2021
An internal communications perspective.
Internal communications is a major stakeholder in employee awareness, behaviour and culture. We often defer to their skills and experience as the specialists in communication strategy for reaching out to internal staff. However, there's something a foot in the industry. Traditional ideas of what makes "good internal communications" are being challenged and our good friend "behavioural science" has been a great influence on the thought leaders in the field of communications. In this episode I talk with one such thought leader.
51 minutes | Sep 6, 2021
The human factor in the middle of a major security breach.
In previous episodes of the podcast we have explored why human judgement and decision making, which drives our behaviour, is heavily influenced by the environment within which we make our decisions. In this episode we take this one step further and ask how employee awareness, behaviour and culture pans out, after all of the theorising and planning, when the tranquil environment of corporate learning is replaced by the rawness of a major security crisis.
61 minutes | Aug 9, 2021
In this episode I am joined by my co-authors, Adrian, Ciaran and Jess, of the CyberSecurity ABC’s book for a long overdue catch up. We hadn’t been able to spend anytime chatting for a while and so it was fabulous to get us all together again to enjoy having a talk about security awareness, behaviour and culture. We touch on not just the challenge of employee awareness, behaviour and culture but also about industry stakeholder’s roles in recognising the long overdue need for change. We explore the role of the environment in people’s decision making through the way Covid 19 has shaped not just the world but highlighted the need for continually re-assessing employee education and awareness. We tread the well-trodden path and saying that education and awareness doesn’t always deliver changes in behaviour and culture, and we ponder whether there needs to be a change in the language that industry uses to really break through the glass ceiling that’s been imposed on everyone responsible for employee education and awareness. It’s a great episode, touching on so much, with some laughter rolled in and a dodgy rendition of the Thompson Twin’s Doctor, Doctor track as well.
63 minutes | Jul 19, 2021
An ex-regulators view on awareness, behaviour and culture.
Episode Outline: We love a different angle here at Re-thinking the human factor and we think this interview is a great new angle with which to tickle your re-thinkology senses. Pay attention closely and it’s littered with insights which can make a difference to your efforts. In this episode I have the privilege to chat with the ex Information Commissioner to the United Kingdom, Richard Thomas. Richard was appointed by Her Majesty the Queen to spearhead the data protection office in its delivery of embedding privacy cultural values into day to day life in the United Kingdom. Richard explains the challenges that he and his team faced around awareness, behaviour and culture and also his thoughts around what good awareness, behaviour and culture might look like from a regulators perspective when assessing an organisation who has been reported to the regulator for a breach in security around personal data.
51 minutes | Jul 5, 2021
What does it mean to have a people-centric approach to cybersecurity? And, why you should have one?)
The vast majority of cyber attacks target people, not technology. That's why an approach to cybersecurity that centres around people can be a game changer. Research shows that ensuring employees know what to do when faced with a real threat can reduce successful phishing attacks and malware infections by up to 90%. But how do you go about it? Do you just go for it? In this episode, we’ll dive deeper into what it means to have a people-centric approach to cybersecurity, and how putting the human at the heart of your strategy can be a change gamer.
65 minutes | Jun 27, 2021
Content is king or so they say! Discover some caveats around the saying as we explore the role of a security influencer.
In this episode we talk with a guest who is on the front line when it comes to employee education and awareness. We talk about video content, tailoring your content to your audience and what it takes to succeed when it comes to creating videos for education and awareness purposes. We will also explore why we should not neglect, or make assumptions about, the cyber security teams brand and how our customers perceive us. And, if we get this right, how it contributes to our roles as influencers of employee awareness, behaviour and culture.
53 minutes | Jun 21, 2021
What role training materials must play in building security aware-rich organisations?
Knowing when to deliver the right education, to the right people, at the right time is critical in building security aware teams that succeed. However, when failing to maintain users engaged the organisation’s exposure to threats might be an even bigger challenge to solve. In this episode, we’ll diver deeper into how ‘limited attention’ can result into a security awareness-poor organisation and explore the different ways in which people learn, the importance of ‘Learning Science Principles’ in maximising the learning curve.
56 minutes | Jun 14, 2021
What does it take for security teams to win in the cybersecurity fight?
Cybersecurity awareness can be one of the most challenging items in any CISO, IT/Security team’s agenda as building a program that effectively drives awareness and cultural change can be daunting. After all what makes us human, makes us a risk! So, what does it take to win when it comes to driving user behaviour? In this episode, we’ll look at where do you start with a company-wide training program that aims to change behaviour and impact organisational culture. What barriers might you come across to get buy-in and how to overcome them.
49 minutes | Jun 7, 2021
How technology can be a CISO's best friend in changing behaviour.
Culture is an intrinsic part of what makes us human – it encompasses the social behaviour and norms found in human societies and their individuals. And, in a ‘always on’ digital society, that can only mean one thing – We Click! We click to open potentially malicious emails, infected files. We click to share information and then we click to share a bit more – all in a simple click of a button. In this episode, we explore how cultures are formed and influenced by digital, social media, and we touch on the role of technology in allowing organisations to drive security awareness and cultural change in today’s ‘NEW HQ’.
40 minutes | May 31, 2021
Re-thinking the Human Factor: Cyber Security Mini Series
Humans have achieved great things, from survival through to prosperity, and all because of how our brains have evolved. However, our physical and cognitive evolution lags behind Moores law and our brains just cannot cope with the amounts of information and huge number of decisions we need to make both consciously and unconsciously every day How do our brains cope and why does this coping mechanism make us vulnerable and keep CISO’s awake at night? In this episode Bruce and ProofPoint's in resident CISO Andrew Rose tackle this thorny question amongst a range of other interesting points
63 minutes | Apr 28, 2020
A conversation with award-winning CISO, Andrew Rose
A conversation with award-winning CISO, Andrew Rose ANDREW ROSE joins us for Series 3, Episode 12 of the Re-Thinking the Human Factor Podcast. Join us for this straight forward discussion with an award winning CISO who transformed security management for three major organisations. With his extensive background, Andrew is a strong relationship manager who is able to develop and lead teams, driving initiatives forward with a style that is facilitative, tenacious and positive. Able to communicate, co-ordinate and influence effectively at all levels and respond to challenges with dedication, enthusiasm and pragmatism. Andrew Rose is strongly focussed on sensible, cost effective security solutions being used to enable a business to innovate and develop. AS YOU LISTEN TO THE EPISODE, IF YOU FIND YOURSELF WANTING TO IMPLEMENT SOME OF THE INSIGHTS YOU’RE GAINING BUT YOU FEEL YOU NEED A LITTLE HELP, PLEASE DO GET IN TOUCH WITH ME AT: firstname.lastname@example.org JOIN ANDREW ROSE AND BRUCE HALLAS AS THEY DISCUSS: The early days of cyber security and how people almost gave up on the human factor. How the idea of applying the knowledge of human awareness came into play. Challenges today’s cyber security managers face. How can you be safe if you are not secure? The key indicators to a healthy security culture. The influences that help to drive our decision-making and behaviour. Designing cyber security awareness and training with the human in mind. How to win over people to try something new. How hackers think. RESOURCES AND TOPICS FOR FURTHER STUDY B.J. Fogg and his new book, "Tiny Habits" The Analogies Project MORE ABOUT ANDREW ROSE: LinkedIn Twitter Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review. Thanks for listening and sharing. Bruce & The Re-thinking the Human Factor Podcast Team
47 minutes | Apr 21, 2020
Know your cyber security risks, with Prudence Smith
Know your cyber security risks with Prudence Smith PRUDENCE SMITH joins us for Series 3, Episode 11 of the Re-Thinking the Human Factor Podcast. Join us as we discuss risk assessment within a changing cyber landscape. We know our listeners are going to glean a great deal from this discussion this week and enjoy the fruits of Prudence’s years of experience. PRUDENCE SMITH is a trusted cyber and security risk professional who has been working in security, technology and compliance in a career spanning over 20 years, working in large multinational financial institutions, senior management, client and government liaison, high-risk targets, intelligence and SMB infrastructures. So put the kettle on, sit back and enjoy this riveting discussion as Prudence explains the importance of understanding the ever changing landscape of cyber security risk. AS YOU LISTEN TO THE EPISODE, IF YOU FIND YOURSELF WANTING TO IMPLEMENT SOME OF THE INSIGHTS YOU’RE GAINING BUT YOU FEEL YOU NEED A LITTLE HELP, PLEASE DO GET IN TOUCH WITH ME AT: email@example.com TOPICS DISCUSSED: When/why human behaviour become a focus in the cyber security industry. How an audit lead to the investigation into the human factor. Cyber security awareness. Risk-based profiling. Cyber Security Education, Awareness and Culture. What impact events such as the Coronavirus have on culture and awareness. RESOURCES AND TOPICS FOR FURTHER STUDY RSA Conference The Analogies Project Consumer Data Research Report MORE ABOUT TERRY O’REILLY: LinkedIn Twitter Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review. Thanks for listening and sharing. Bruce & The Re-thinking the Human Factor Podcast Team
62 minutes | Apr 14, 2020
Marketing Strategy Applied To Cyber Security with TERRY O’REILLY.
Marketing Strategy Applied To Cyber Security with TERRY O’REILLY TERRY O’REILLY joins us for Series 3, Episode 10 of the Re-Thinking the Human Factor Podcast. Join us as we delve into the brilliant marketing mind of our guest so we can apply this understanding to our industry of cyber security and awareness. Terry O’Reilly is the host of CBC Radio's Under the Influence. Co-Founder of The Apostrophe Podcast Company. He is also an engaging speaker and author to boot, with over 35 years of experience as an adman. He discusses the bigger issues of marketing and how it affects the public. But most of all, Terry connects the dots when it comes to pop culture, human nature and the numerous gales and undertows that effect communication. Sprinkled, of course, with the humour required to deal with it all. AS YOU LISTEN TO THE EPISODE, IF YOU FIND YOURSELF WANTING TO IMPLEMENT SOME OF THE INSIGHTS YOU’RE GAINING BUT YOU FEEL YOU NEED A LITTLE HELP, PLEASE DO GET IN TOUCH WITH ME AT: firstname.lastname@example.org JOIN TERRY O’REILLY AND BRUCE HALLAS AS THEY DISCUSS: Marketing, and its application to cyber security and awareness. Shish Kebab Theory. The long game of cyber security awareness and training. Strategies for effectively marketing cyber security campaigns. How to gain an understanding of your target audience. Are people gathering data frequently enough? Understanding and aligning your company’s values with your cyber security goals RESOURCES AND TOPICS FOR FURTHER STUDY This I Know - By Terry O'Reilly The Analogies Project MORE ABOUT TERRY O’REILLY: LinkedIn Company LinkedIn Page Under The Influence Podcast Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review. Thanks for listening and sharing. Bruce & The Re-thinking the Human Factor Podcast Team
70 minutes | Apr 7, 2020
Why we need to re-think the human factor in security, with Bruce Hallas
Why we need to re-think the human factor in security, with Bruce Hallas Bruce Hallas sits in the hot seat for a change as Alexia of Marmalade Box grills him, for this: Series 3, Episode 4 of the Re-Thinking the Human Factor Podcast. Having received a lot of emails asking us for more information about Bruce Hallas, the host of this podcast, Alexia agreed to put Bruce through some viewer lead questioning in the hopes of delving deeper into his background and expertise. Having trained in accounting and law, Bruce started his work life in business development, outside the realms of tech, and found himself passionate about security awareness and human behaviour. Via a series of questioning, 7 years ago Bruce was lead to his groundbreaking research that lead to his book ‘Rethinking The Human Factor’. Apart from his work as a researcher and author, he also runs Marmalade Box, a company dedicated to helping organisations cultivate and design a positive security awareness by raising awareness and influencing behaviours. Bruce is an expert in reducing risk and helping companies design security processes that reduce the guesswork from the human factor. We know you will enjoy listening to how and why Bruce is so passionate about his chosen occupation and how you can benefit from his vast understanding. AS YOU LISTEN TO THE EPISODE, IF YOU FIND YOURSELF WANTING TO IMPLEMENT SOME OF THE INSIGHTS YOU’RE GAINING BUT YOU FEEL YOU NEED A LITTLE HELP, PLEASE DO GET IN TOUCH WITH ME AT: email@example.com JOIN BRUCE HALLAS AND ALEXIA AS THEY DISCUSS: The questions Bruce asked himself when he started his research journey. How understanding the human factor allows for better engagement. Breaking down the entire system within information security to better the process. The Analogies Project and how analogies help in shaping culture and behaviour. Who benefits the most from the Rethinking The Human Factor research? Designing with the human in mind. Does evidence point to the validity of the frame work created from the research done in Rethinking The Human Factor? The importance of establishing a cohesive vision as an anchor. How personal values influence culture. What can my organisation do to benefit from this? RESOURCES AND TOPICS FOR FURTHER STUDY Rethinking The Human Factor by Bruce Hallas Nudge by Richard H. Thaler The Power Of Analogy by Dieter Wanner MORE ABOUT BRUCE HALLAS: LinkedIn Marmalade Box The Analogies Project Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review. Thanks for listening and sharing. Bruce & The Re-thinking the Human Factor Podcast Team
65 minutes | Mar 31, 2020
Taking risks to reduce risk, with Eric Ravello
Taking risks to reduce risk, with Eric Ravello If criminals are doing research into human behaviour then they are designing phishing attacks with the human in mind. As attackers change their attacks, so must cyber security providers change their methods of dealing with them. Eric Ravello joins us for Episode 33 of the Re-Thinking the Human Factor Podcast. We are holding strong to our promise to bring you top notch guests this week, we cannot wait to delve into this podcast topic. Eric has more than 15 years of experience within cybersecurity, acquired with multiple programs in international environments. Eric loves to inspire confidence and create cooperation for people in long term strategy. He believes we can achieve a better environment by designing and managing positive security culture programs that respect all individuals. To transform his environment, he delivers attractive and engaging campaigns for all or tailored to specific business functions. He is not afraid to go against the grain and take risks. AS YOU LISTEN TO THE EPISODE, IF YOU FIND YOURSELF WANTING TO IMPLEMENT SOME OF THE INSIGHTS YOU’RE GAINING BUT YOU FEEL YOU NEED A LITTLE HELP, PLEASE DO GET IN TOUCH WITH ME AT: firstname.lastname@example.org RESOURCES AND TOPICS FOR FURTHER STUDY Re-Thinking The Human Factor E-Book The Analogies Project MORE ABOUT ERIC RAVELLO: LinkedIn Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review. Thanks for listening and sharing. Bruce & The Re-thinking the Human Factor Podcast Team
53 minutes | Mar 24, 2020
Simplifying Cyber Security, with Neil Frost
NEIL FROST joins us for Series 3, Episode 7 of the Re-Thinking the Human Factor Podcast. Join us for this straight forward discussion on how to cultivate easy to digest security campaigns that have the lasting effect of benefiting culture. Neil Frost was part of the team responsible for Security Awareness and Culture at the HMRC (the UK Tax Office). Before that he worked at the UK Police Force on Training and Awareness. AS YOU LISTEN TO THE EPISODE, IF YOU FIND YOURSELF WANTING TO IMPLEMENT SOME OF THE INSIGHTS YOU’RE GAINING BUT YOU FEEL YOU NEED A LITTLE HELP, PLEASE DO GET IN TOUCH WITH ME AT: email@example.com JOIN NEIL FROST AND BRUCE HALLAS AS THEY DISCUSS: Defense against cyber attacks. Tips to make your cyber security training efforts more effective. How budgeting effects training outcomes. How perceptions can block the flow of information. Using data to create security training around the needs of your organization rather than throwing something against the wall and hoping it sticks. How to get the real data rather then answers given "just to please". Implementing lasting behavioural change through messaging and stories. Story telling as a means of communication is hard wired into human behaviour. Finding the right tools such as software platforms and technology to create your solutions. RESOURCES AND TOPICS FOR FURTHER STUDY Wired For Story The Analogies Project MORE ABOUT NEIL FROST: LinkedIn Bobs Business Bobs Business (Twitter) Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review. Thanks for listening and sharing. Bruce & The Re-thinking the Human Factor Podcast Team
55 minutes | Mar 17, 2020
The Accidental Security Specialist, with David Shipley
The Accidental Security Specialist, with David Shipley. Living up to our promise to bring you fantastic guests, David Shipley joins us for Series 3, Episode 6 of the Re-Thinking the Human Factor Podcast. Time to go phishing so grab your rod. David is a self professed accidental cyber security professional, but has spent time as a soldier, newspaper reporter and marketer. After a cyber hack within his company occurred, David grew increasingly interested in cyber security and was asked to take on this role within his company. Currently based in Canada, David is an award-winning entrepreneur and head of Beauceron Security. Beauceron's holistic approach to measuring and reducing cyber risk brings together threat intelligence, user education and awareness, simulated attacks and real incident data into an easy-to-use and deploy cloud platform that transforms cybersecurity from an IT-centric issue into a pan-organization management opportunity. AS YOU LISTEN TO THE EPISODE, IF YOU FIND YOURSELF WANTING TO IMPLEMENT SOME OF THE INSIGHTS YOU’RE GAINING BUT YOU FEEL YOU NEED A LITTLE HELP, PLEASE DO GET IN TOUCH WITH ME AT: firstname.lastname@example.org IN THIS EPISODE, DAVID SHIPLEY AND BRUCE HALLAS DISCUSS: The sheepdog effect. Turning the cyber victims into defenders. Empowering the person. The importance of driving behavioural reinforcement within a culture to keep positive cyber security behaviour thriving. Getting the metrics correct- Repeat clickers and what we can learn. Taking the time to make sure people really retain new cyber security-related information and behaviours. Phishing fallibility: Is someone’s emotional state a factor to be considered? The 8 emotional scale. Fear response, social hi-jacking and engineering. How time affects people’s behaviour during a 24 hour period. The power of keeping calm. Speed can often be your enemy. The Power Model - what it is and how it can be used to boost cyber-security awareness: People, environment, actions and resources. Creating an easy to use protocol to gauge involvement. Learning from each other. Building a solid support structure. Black box culture - going deeper into more effective cyber security training: Talking about issues without laying blame. The story of the mayor that got phished. Learning from mistakes in proactive ways. Rewarding right behaviour. Scoring people and then helping them improve their performance within the security culture. Compliance: Exceeding compliance via relative, contextual, timely informative videos. Treat your audience like adults. Using Surveying as a tool to generate better metrics around risk and awareness: The importance of your baseline and the importance of a good survey. How does bias affect survey answers and are there ways around it? Using video responses to surveying to offer training in weak spots and offer guidance and support to colleagues. Start a positive feedback loop. Phishing attacks and data strategy. Data gathering from ‘time to click’ data proves to be very fruitful at limiting risk. Huge amounts of data are available to be mined to design cyber security awareness and education pieces that change behaviour. Having a strategy for data gathering is crucial. Learning when people click leads to a defined process towards a positive security culture. Cyber Security Marketing. The same tools that marketing applies can be used when trying to form a new culture of awareness within a business. What is a KPI clash? Where is the cyber security industry failing? Not enough focus on the human factor. Not enough funding for training. Real meaningful change comes with data and planning correctly Data driven decision making around security awareness. The need for sharing resources exists to help strengthen the entire security industry. RESOURCES AND TOPICS FOR FURTHER STUDY More about heuristics The Analogies Project Black Box Thinking MORE ABOUT DAVID SHIPLEY: LinkedIn Beauceron Security Twitter Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review. Thanks for listening and sharing. Bruce & The Re-thinking the Human Factor Podcast Team
Terms of Service
Do Not Sell My Personal Information
© Stitcher 2022