When Risk Management and Information Security Resonate with Hearts and Minds | A Conversation with Nadine Michaelides and Julie Haney | Redefining CyberSecurity with Sean Martin

Guests: 

Nadine Michaelides, CEO / VD, Anima People

On LinkedIn | https://www.linkedin.com/in/nadinemichaelides/

Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]

On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

___________________________

Episode Notes

Imagine a world where employees aren't just potential risks, but the vanguard of cyber defense. A world where the human element, long considered the weakest link in security, becomes the cornerstone of an impenetrable digital fortress.

The latest episode of the Human Centered sub-series on the Redefining CyberSecurity podcast features a compelling discussion with Nadine Michaelides, a security and crime psychologist, researcher at University College London, speaker, and entrepreneur. Julie Haney co-hosts the episode with Sean Martin, discussing the critical role employees play in strengthening cybersecurity defenses.

Nadine Michaelides shares her insights on the shift from viewing employees as potential risks to recognizing them as essential components of a robust cybersecurity strategy. This approach emphasizes the importance of understanding the human element in security and integrating psychological principles to improve employee engagement and motivation. Unlike purely technical measures, human-centered cybersecurity focuses on fostering intrinsic motivation and creating a culture where security is an integral part of daily operations.

The conversation highlights the importance of moving beyond mere awareness campaigns. According to Michaelides, simply making employees aware of security risks is insufficient. Organizations must focus on creating intrinsic motivation, ensuring that employees understand and internalize the significance of their actions. This can be achieved through effective training, clear communication, and involving employees in security initiatives.

Michaelides also introduces the concept of human risk management, which involves assessing and addressing the psychological and behavioral factors that influence cybersecurity. She stresses the need for a multidisciplinary approach, incorporating insights from psychology, sociology, and organizational behavior to create comprehensive security strategies. This holistic approach helps organizations identify and mitigate risks more effectively, as it considers the diverse motivations and behaviors of employees.

Sean Martin raises an interesting point about how personal risk assessments can parallel organizational security measures. He suggests that just as individuals assess the risks associated with their actions and make informed decisions, organizations should empower employees to understand and manage their own cybersecurity risks. This empowerment can lead to more proactive and responsible security behaviors.

The discussion also touches on the significance of cultural factors in cybersecurity. Michaelides explains that security initiatives must resonate with the cultural values and norms of the workforce to be truly effective. This involves crea