You can’t just “train harder” to mitigate human risk. We sit down with Ashley Rose, CEO and co-founder of Living Security, to unpack why classic security awareness training (SAT) often produces neat dashboards with flimsy outcomes, and what it takes to build a security culture that people actually engage with. Ashley shares her non-traditional path into cybersecurity, how marketing principles map nicely to behavior change, and why the security team has to become approachable if we want employees to ask questions, report issues, and stop working around controls.

We trace Living Security’s early days running security escape rooms, then zoom out to the bigger shift: human risk management (HRM) as a true risk management function. That means moving beyond completion rates and phishing simulations to quantify likelihood and impact using real signals across behavior, threat, and identity. We get specific about what that looks like in practice: endpoint compliance, MFA adoption, password hygiene, dark web credential exposure, privilege levels, and blast radius. The payoff is prioritization and focus, including the uncomfortable reality that a small percentage of users can drive a majority of measurable risk.

We also dig into the hard parts that make or break programs: integrating data in messy enterprises, avoiding noisy alert floods, and operationalizing outcomes through automation and adaptive controls. One of the most practical takeaways is simple but sharp: make the secure path the easiest one to follow. When people repeat risky actions, it often signals friction and broken business processes, not “bad users.”

We close by looking ahead to a hybrid workforce where humans and AI agents share access, shifting the workforce attack surface again. If you’re a CISO, security leader, or practitioner trying to prove ROI, reduce phishing and insider risk, and modernize security awareness into measurable human risk management, hit play.
Subscribe, share with a teammate, and leave a review, then tell us: what’s the most broken workflow in your organization that security should fix first?

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics. No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com
LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates. Reveal Risk delivers cybersecurity results, not just reports.