People
The more that we warn people about threats that don’t manifest in their personal lives, the more likely people become desensitised to our warnings. Rather than send fewer warnings, we need to include context and consequences as integral parts of... Read more
Culture & Education
Our brains can be our own worst enemy when it comes to following security controls. It’s not that we don’t want to follow the rules; we do. The problem is that our experiences and memories influence to make decisions based... Read more
Information security / People
It’s easy to feel overwhelmed by the madcap pace of change in technology. Sometimes it might feel like all our hard-earned technical knowledge was wasted on yesterday’s “top of the line” equipment. Considering how long tech stays embedded in our... Read more
Information security / People
People like to believe they’re perfectly rational beings. It can be a shock to learn that we’re not. It’s critical for people to understand their natural cognitive biases and learn how to overcome them so that critical security controls will... Read more
CISOs
The most efficient phishing attacks are precisely crafted messages that use our known psychological attributes against us, stimulating us to act against our own training and better judgment. Security Awareness writer Keil Hubert describes a mysterious email message that could... Read more
CISOs
Oh no! The users have learned about a terrible new cyber threat and want immediate guidance! What do you do? There are several options; the most challenging option requires to you to engage your users according to their varying levels... Read more
Information security
There’s no such thing as “perfect security” just like there’s no such thing as a “real” unicorn. Most people have come to accept these truths as they’ve matured. Some haven’t for whatever reason. As security professionals, we have a duty... Read more
Information security
Security training isn’t a one-to-one analogue for technical skills instruction, especially when you’re training non-technical people. Security trainers need to adjust their course designs and teaching method to account for the probability that some students don’t share a common reference... Read more
Culture & Education
April Fools’ surprises can be a delight, making this the one day each year that security professionals don’t mind getting exposed to shocking content. The rest of the year, the sort of awfulness that arises in monitoring and investigations can... Read more
Information security
Security is the art and science of protecting people. Sometimes, the “personnel security” subdiscipline involves defending people against environmental threats like irritating repetitive noise … from a public television. I’d like to share a personal opinion on workplace happiness: if... Read more
Join our community of cyber professionals today!