08-29-19 - Security Pro's Guide to Hacking an Apathetic Staff


CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Hacking Employees

Defense in Depth: Employee Hacking

On this episode of Defense in Depth:

Co-host Allan Alford and our guest Yael Nagler, consultant, discuss:

  • Employee hacking is an effort to get employees to do what you need them to do in order to pull off your security program.

  • There's a grand debate as to whether you should be hacking employees (use the tools you've got) or working with them (don't trick).

  • Many listeners likened this motivation technique to sales persuasion methods. But those methods are focused on getting individuals to take a single action: to purchase. This is not the case for a CISO, who must change a wide-ranging set of behaviors that are often not connected to individual desires.

  • To complicate matters even more, a CISO must sell a process and culture change, NOT a product. It's not easy to change human behavior.

  • Manipulation is a tainted word. You need to respect differences and find common ground to motivate employees to care about a security program and want to stay with it.

  • One way to get people to care about security is to explain internally what big security news items have to do with your business and how a similar breach could or couldn't happen to your business.

  • While you're trying to win someone over, it's not a selfish interest. It's of interest to the individual and the company. It's just that the individual has to understand why they're changing behavior and see value in making that change.

Special thanks to this week's Defense in Depth podcast sponsor, Anomali.


Anomali harnesses threat data, information, and intelligence to drive effective cyber security decisions.

A.J. Nash, director of cyber intelligence strategy, Anomali, on the value of threat intelligence

CISO Series Live in NYC's Times Square 9/5/19

Short preview of the live audience recording of the CISO/Security Vendor Relationship Podcast happening at the WeWork location in NYC's Times Square on Thursday, September 5th, 2019. Watch the video, and then register for the event.

Mike Johnson on the trend of cybersecurity arrogance
