56 episodes

Welcome to the Re-Thinking the Human Factor podcast. It’s a podcast for information security professionals, where we will be asking our guests to share thoughts and insights on security awareness, behaviour and culture.

Our guests come, predominately, from outside of the security industry. They all specialise in elements of awareness, behaviour and culture, or they have effectively tackled similar challenges, in their own industry or careers. The one thing that unites them all is their willingness to share their experience in the hope it might give our audience food for thought.

Re-thinking The Human Factor with Bruce Hallas Marmalade Box

    • Technology
    • 4.9 • 16 Ratings

Welcome to the Re-Thinking the Human Factor podcast. It’s a podcast for information security professionals, where we will be asking our guests to share thoughts and insights on security awareness, behaviour and culture.

Our guests come, predominately, from outside of the security industry. They all specialise in elements of awareness, behaviour and culture, or they have effectively tackled similar challenges, in their own industry or careers. The one thing that unites them all is their willingness to share their experience in the hope it might give our audience food for thought.

    The security function's culture.

    The security function's culture.

    In this episode we take a peek at the role of the security teams’ own culture and its impact on the broader organisational culture.
    This, is an important perspective, because whilst many commentators focus on influencing organisational culture they haven’t considered the role that the value and behaviours of the security team has in influencing positive security outcomes across the business.
    To help us explore this perspective, on cultural forces at play, we have a guest who knows a thing or two about how cultures are formed and influenced. Lianne Potter studied in social anthropology, then geeked out on technology before combining the two to shape an industry career which has achieved numerous accolades for her thought leadership in not just the human factor but also information security generally. Lianne, for me, illustrates a small, but growing force within the industry that recognises that the human factor needs to be repositioned not as an after thought once all the work of designing security controls has been done, but as a critical and key part of the process of understanding and managing information security risk.
    ©Copyright Marmalade Box Limited
    The content of this podcast is the property of Marmalade Box Limited. Any use of the content of the podcast, either in full or partially, will be considered an infringement of Marmalade Box Limited rights as sole owners of this content. Any enquiries about the use of this content should be directed to Marmalade Box Limited. Contact information can be found at www.marmaladebox.com .

    • 45 min
    An appointment with the Doctor to discuss culture, behaviour and decision making.

    An appointment with the Doctor to discuss culture, behaviour and decision making.

    If you’re a regular listener then you will have already met today’s guest Dr. Char Sample. Char is a force at work deep within the information security community. Char is a rarity, combining a deep knowledge of both the technical and human aspects of the challenges security professionals face when managing cyber security risks.
    Char and I go back a long way, to a horrible conference lunch in London, where her riveting conversation meant I didn’t have to eat what was on the plate in front of me. I have been forever grateful. That riveting conversation was all about our shared understanding of how culture influences everyone’s day to day behaviours and how everyday behaviours make up culture. That shared interest has led to many conversations and shared ideas about how the information security industry could step up a level by seeing the potential for improving how we assess and manage human factor risks.
    In this episode we capture one of those conversations. We talk about heuristics and biases, what they are and what role they might have in artificial intelligence. Why what makes us human often makes us behave in seemingly irrational ways even when presented with all the data we need  and assumptions we frequently make when developing and designing systems and processes and how this is undermining the management of business risks.
    Be warned, there's a lot of laughter in this episode.

    • 44 min
    Insights from advertising for security awareness professionals.

    Insights from advertising for security awareness professionals.

    In this episode we are joined by a guest who has committed their career to the world of advertising agency work. Influencing target audiences awareness of products and stacking the odds in their clients favour, that the target audience will choose their product over their competitors. The challanges our guest has faced, over the years, are in many ways similar to those that education and awareness managers, for information security and data protection, now face.

    • 57 min
    A Human Resource view on Information Security Awareness and Education

    A Human Resource view on Information Security Awareness and Education

    The role of the human resources function, in the the overall process of employee awareness, behavioru and culture can't be under stated.
    In the early days of my research, at Re-thinking the Human Factor, it was very apparent that HR was a major stakeholder. From what I like to call KPI's clash, where stakeholders KPI's sometimes clash against each other, through to employee performance and development, and from HR processes such as starters, movers and leavers, through to organisational change. The HR department can add a lot of value to the process of delivering change in employee security awareness, behaviour and culture if you work on fostering a beneficial releationship. 
    With that in mind I wanted to invite a guest who excels in the area of organisational development, epople management and HR. Our guest, Anne Benedict, stepped right up and agreed to share some insights into the challange of employee awareness and education, from a HR perspective.

    • 46 min
    Embracing Diverse Skills When Building an Effective Education and Awareness Team.

    Embracing Diverse Skills When Building an Effective Education and Awareness Team.

    When I first got involved in “information security” 20+ years ago, I found myself almost entirely surrounded by industry peers whose training and experience was in technology or technology disciplines. My training in law, marketing and finance, and my experience in business development, marketing, recruitment and even a stint in purchasing and supplies all seemed out of line with the world of IT security as it was called back then.
    As I came to understand, during my own research in human behaviour and culture, my lack of an education in technology meant I was culturally and even physically wired differently. This meant I looked at things through a different set of lenses. The result, was an approach that we would now call governance, risk and compliance. However, it was these very human disciplines, which led me to fundamentally think differently when it came to kicking off the Re-thinking the Human Factor research programme.
    Our guest Lana McGill, to me, enshrines the change in direction of an increasing number of forward thinking security professionals looking for a more mature approach to employee awareness, behaviour and culture. Lana believes that by diversifying their search for skills and experience, outside of the traditional industry expectations, you can bring new insights and energy to the challenge of influencing  employee behaviour and culture. Her role as a senior information security leader, in the finance sector, and her willingness to embrace other skills and experiences in the search for more effective interventions, gives hope that the industry inertia, when it comes to the human factor, may finally be shifting.
     
    ©Copyright Marmalade Box Limited
    The content of this podcast is the property of Marmalade Box Limited. Any use of the content of the podcast, either in full or partially, will be considered an infringement of Marmalade Box Limited rights as sole owners of this content. Any enquiries about the use of this content should be directed to Marmalade Box Limited. Contact information can be found at www.marmaladebox.com .

    • 52 min
    The Science Behind Metrics

    The Science Behind Metrics

    Finding relevent metrics, for security awareness, behaviour and culture has been a long standing  challenge which the information security industry has struggled hard to address.
    Now, when I reflect on how I personally tackled metrics, around the human factor, before I kicked off my research programme here at Re-thinking the Human Factor, I recognise I had an in-mature approach. That approach focused on what data I knew I could get rather than what was useful. Some industry folks called this "vanity metrics." That's all changed now, and that change started off, with getting back to basics by looking at what the science of measurement had to say.
    In this episode our guest and I talk about the sceince of measurement, how it is has evolved to enable human kind to progress at every stage of human evolution and how this knowledge might shine a light on the challenge of finding effective metrics when it comes to employee awareness, behaviour and culture.
    If you want to know more about how we have used this and other insights into metrics to support information security professionals measure the effectiveness of their programmes to influence security awareness, behaviour and culture then visit www.re-thinkingthehumanfactor.com and register for the monthly webinar. 
     

    • 50 min

Customer Reviews

4.9 out of 5
16 Ratings

16 Ratings

parentology ,

Amazing insight o on Re-thinking the Human Factor

Stumbled upon this podcast and it’s brilliant. Detailed, practical and innovative; these insightful interviews with experts give a fresh and engaging perspective on behavioural factors within information security. Excellent ideas and views that are pertinent to anyone working within the field of information security. Resources like these are akin to gold dust!

Lou_loves_to_pole ,

So many insightful, thought-provoking takeaways!

Recently rediscovered this podcast on iTunes and so have been listening and re-listening and there’s so much to take away from these conversations for us security awareness professionals! I have shared with my colleagues in security, policy and change already! Great content - thank you, Bruce and team.

David R Stranack ,

1 word := AWESOME

If you are looking for perceptive, practical and forward thinking insights into the world of information security management and 'ALL' it encompasses, then look no further than these Marmalade Box podcasts. I have been using them to obtain valuable insights whilst reading for my Information Security Masters project and they consistently prove to be invaluable. The guys at Marmalade Box go way beyond the normal realms of simple cybersecurity in organisations, as they weave together what would normally be very disparate elements of the human aspects of security and privacy to consistently deliver salient and thought provoking facts. These can be used, not only as the basis for additional research but also to obtain a better understanding of the holistic nature of culture within organisations as the human factors of information security awareness interact with each other on a daily basis. I believe its broad-minded logic like this that will allow us to design, implement and maintain successful information security programmes well into the 21st century.

Ever found yourself thinking about using comics to deliver effective security awareness campaigns or what it would be like describing what living in the air is like to a fish? I hadn’t either until I listened to these podcasts and if you want to better understand the relevance of this progressive thinking, you really need to download and listen to these podcasts ASAP, I promise you will not be disappointed.

Top Podcasts In Technology

Acquired
Ben Gilbert and David Rosenthal
Lex Fridman Podcast
Lex Fridman
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Darknet Diaries
Jack Rhysider
Search Engine
PJ Vogt, Audacy, Jigsaw
The Gatekeepers
BBC Radio 4