Cyber Insights - Part 3 - with a Security Engagement Leader
We’re delighted to be joined by a Security Awareness and Engagement Leader who, due to their role and organisation, will remain anonymous for this interview. We are however, enormously grateful for their insights that we are thrilled to be able to share with you as part of our ‘Cyber Insights’ series.
People with your expertise and experience in Security Training and Awareness are now in high demand. What do you think has been the catalyst in recent years to the realisation that cyber security isn’t just a technical issue?
Cyber attacks aren’t just reserved for the technical elite and movies now, it’s not something buried away in a special interest section of the news. It’s happening every day, to all of us and is becoming part of the daily conversation. Which in its own strange way is a good thing that it’s being acknowledged, but this also comes along with a lot of misunderstanding and fear amongst people who aren’t necessarily plugged into the world of security. So, mixing this together along with the fact that cyber is a staple in mainstream news, it has generated a market for people like me who are able to translate the complicated security ‘jargon’ into the ‘so what’ for the regular, non-technical audience.
What was it that drew you to this career initially and inspires you to continue now?
I come from a background of people engagement, marketing and languages. So interacting with people is my professional background, but I have deep personal interest in the world of cyber security - I decided to mix them together!
What is the biggest challenge you have faced to date within security awareness and how did you overcome this?
At the moment, and I think for the foreseeable future across the whole industry, is getting people to care. Security is still seen sometimes as a blocker, so my big challenge, and I’m sure a lot of my peers’ too, is facilitating peoples’ jobs, whilst getting them to act more securely of their own accord. It’s an ongoing process and I’ll let you know when I overcome it, but at the moment my main strategy is bringing people on the ‘journey’ with me rather than doing things ‘to’ them. People like to know why you’re asking them to change their habits, and I guess it’s a fair question!
If we think of effective security awareness training as essentially, a cultural change program, what kind of personality suits someone working in your role?
I personally don’t see there being a certain ‘kind’ of personality. You have to love what you do, and this passion will show through to your audience. Being empathetic and able to channel frustration to your advantage is a key skill; sometimes the people most passionately against you are the ones who are the best ones (with the most energy) to support you - it’s just a matter of getting them on your side!
Who have you found are the early adopters and who are typically the laggards in engaging with corporate security awareness training? How do you effectively engage the laggards?
I haven’t found any real rhyme or reason to it - I think it’s down to the individual’s personality and how well you communicate to them. What works for some demographics doesn’t work for others. ‘Horses for courses’ is my approach, rather than one size fits all.
A huge thank you to our expert for sharing their knowledge and insights in our third Cyber Insights feature.
If you’d like to feature in our Cyber Insights series you can contact the team at firstname.lastname@example.org.
Next week we will be speaking to another cyber and information security professional who will be sharing their insights!