
Compromising Positions - A Cyber Security Podcast

Author: Compromising Positions


Description

Dive into “Compromising Positions”, the unique, new podcast designed to iron out the wrinkles in the relationship between cybersecurity teams and other tech professionals.


We’re taking the ‘security as a blocker’ stereotype head-on, promoting a shared language and mutual understanding. We’ll turn those ‘compromising positions’ into ‘compromising solutions’, helping security pros and tech teams collaborate more effectively for a smoother, safer digital journey.



Every week we will be joined by Developers, User Researchers, Designers, Product Owners, Data Scientists, Cloud Specialists, Scrum Masters, C-Suite Execs, AI/ML boffins, and many, many more non-security positions!



This podcast aims to get you thinking about security without boring you to death!



Join our two hosts, Lianne Potter, Cyber Anthropologist and Head of Security Operations at a major retailer and Jeff Watkins, CTO at XDesign for this informal, frank, and at times anarchic look at what people really think about cybersecurity in organisations and what cybersecurity people should ACTUALLY be doing.

35 Episodes
This episode we are joined by Michael Walford-Williams, a consultant specialising in operational resilience and third-party risk management. His consultancy Westbourne Consultancy Limited sees him working for various clients providing risk management services for the financial service industry.

In this episode, we look at how risk appetite evolves over time, the power of red teaming, how to empower everyone to care about risk and ask the question: ‘Is your risk management toast?’

Key Takeaways:
Risk Appetite is a Moving Target: Just because a threat hasn't hit you yet, doesn't mean it won't. Learn how to adapt your risk management strategy to evolving threats.
Testing Makes Perfect (or at Least More Prepared): Don't wait for a real attack to expose your weaknesses. Simulated attacks like phishing campaigns and red teaming can expose vulnerabilities before they're exploited.
From Paper to Reality: Testing cybersecurity resilience shouldn't just be best endeavours on a piece of paper (business continuity documentation).
Better Red than Bread! Red Teaming Unleashed: Testing, from phishing simulations to physical assessments, to full-blown red teaming activities all play a pivotal role in empowering employees and increasing organisational vigilance. And remember, it’s not about pointing fingers—it’s about empowerment.
Risk Ownership: Risk isn’t just IT’s problem. It’s everybody’s job. From the boardroom to the frontlines, we’re all in this together. We will show you how to redefine risk ownership.

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes.

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’

Keywords: cybersecurity, risk, resilience, red teaming, risk appetite, RACI, AI

SHOW NOTES
‘Biggest cyber risk is complacency, not hackers’ - UK Information Commissioner issues warning as construction company fined £4.4 million. ICO
The Tipping Point: How Little Things Can Make a Big Difference by Malcolm Gladwell

ABOUT MICHAEL WALFORD-WILLIAMS
Michael Walford-Williams is a consultant specialising in operational resilience and third-party risk management. His consultancy Westbourne Consultancy Limited sees him working for various clients providing risk management services for the financial service industry.

LINKS FOR MICHAEL WALFORD-WILLIAMS
Michael’s LinkedIn
Michael’s Website

This episode we are joined by John Sills, managing partner at customer-led growth company, The Foundation and author of the book ‘The Human Experience’. John joined us last week and shared with us fantastic tales of his time working for a major bank and how the IT team decided to roll out a new cybersecurity control without talking to the customer insights team - spoiler alert, didn’t end well - do go back and listen if you haven’t already!

This week we continue the conversation from last week as John guides us on how to design for positive intent to build trust, how to lean into inconvenient truths around the data you source from feedback, and why you should treat people how you’d like to be treated, but instead, treat every customer like they are your gran.

SHOW NOTES
Christian Hunt’s episode on Compromising Positions
Rory Sutherland on ‘Minority Rule’ as featured on The Human Risk Podcast
The real dangers of being left handed
John talked about crash test dummies being based on men, likely taken from the brilliant book Invisible Women: Exposing Data Bias in a World Designed For Men by Caroline Criado Perez
National Customer Rage Survey

ABOUT JOHN SILLS
John Sills is Managing Partner at the customer-led growth company, The Foundation. He started his career 25 years ago, on a market stall in Essex, and since then has worked in and with companies around the world to make things better for customers. He’s been in front-line teams delivering the experience, innovation teams designing the propositions, and global HQ teams creating the strategy. He's been a bank manager during the financial crisis (not fun), launched a mobile app to millions of people (very fun), and regularly visits strangers’ houses to ask very personal questions (incredible fun). He now works with companies across industries and around the world, and before joining The Foundation spent twelve years at HSBC, latterly as Head of Customer Innovation. His first book on the topic - The Human Experience - was published by Bloomsbury in February 2023, and he's pretty much everywhere you look online.

LINKS FOR JOHN SILLS
John’s Book The Human Experience
John’s Newsletter
John’s Instagram
John’s Twitter
John’s LinkedIn
The Foundation

Welcome to Compromising Positions! The award-winning tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

This episode we are joined by John Sills, managing partner at customer-led growth company, The Foundation and author of the book ‘The Human Experience’.

In cybersecurity we have many customers: our external customers who engage with the products or services our organisations provide, and our internal customers, our colleagues. But how many of us can truly claim to know how to be customer-led? Well, in this episode, John shares his decades of knowledge to help us really understand what people care about - especially when it comes to cybersecurity.

We do a deep dive into the human cost of bad customer service, what customers really think about cybersecurity threats, how cumbersome security controls at a bank led to a chart-topping and innovative app, and if you’re a cybersecurity consultant you won’t want to skip this one because we talk about the good, the bad, and the ugly of consultancy.

Key Takeaways:
The Customer Disconnect: We delve into John's experience of working for a major bank that built a security product that customers hated, and he demonstrates why understanding customer needs and frustrations when designing security solutions is so important.
The Curse of Knowledge: Security professionals often fail to consider the user's perspective. John emphasises the need to bridge this gap by starting with customer understanding.
Perception of Threats: Customers often overlook potential threats, rendering multiple layers of security meaningless if they don’t resonate with the user’s sense of relevance.
The Doorman Fallacy: Echoing Rory Sutherland’s insights, Sills talks about the value of the human touch in technology and services, which often gets lost in the pursuit of automation and efficiency gains.
The Myth of Customer Feedback: A cautionary tale on the pitfalls of relying solely on customer feedback surveys, which can lead to a narrow understanding of customer needs and desires.

SHOW NOTES
John’s episode on Melina Palmer’s The Brainy Business Podcast
Paul Bloom’s Psychology episode on Melina Palmer’s The Brainy Business Podcast
A nice video on The Doorman Fallacy featuring the legendary Rory Sutherland
Book recommendation - The Customer Copernicus

ABOUT JOHN SILLS
John Sills is Managing Partner at the customer-led growth company, The Foundation. He started his career 25 years ago, on a market stall in Essex, and since then has worked in and with companies around the world to make things better for customers. He’s been in front-line teams delivering the experience, innovation teams designing the propositions, and global HQ teams creating the strategy. He's been a bank manager during the financial crisis (not fun), launched a mobile app to millions of people (very fun), and regularly visits strangers’ houses to ask very personal questions (incredible fun). He now works with companies across industries and around the world, and before joining The Foundation spent twelve years at HSBC, latterly as Head of Customer Innovation. His first book on the topic - The Human Experience - was published by Bloomsbury in February 2023, and he's pretty much everywhere you look online.

LINKS FOR JOHN SILLS
John’s Book The Human Experience
John’s Newsletter
John’s Instagram
John’s Twitter
John’s LinkedIn
The Foundation

Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

For the longest time podcast host Lianne Potter has been saying: “Cybersecurity has a PR problem!” So what better way of tackling this problem than to get on the show an actual PR and marketing expert?

This week we are joined by Sarah Evans, the head of digital PR at Energy PR. Sarah has over 12 years of experience in SEO, digital PR, digital marketing, content and social media.

In this episode, ‘Can Cybersecurity Overcome its PR Problem? Building Your Brand and Social Capital’, we’re going to learn how to target our cybersecurity message for maximum effect, how to rebuild your team's image, learn what marketing and PR really think about cybersecurity, and learn how to be prepared during a public cybersecurity incident with a 101 on crisis comms.

We will also shed our desire to be the hero in the story and transition into a more useful role, that of cybersecurity sage, as we deep dive into brand personas!

SHOW NOTES

ABOUT SARAH EVANS
Sarah Evans has over 12 years of experience in SEO, digital PR, digital marketing, content, social. Currently working as a digital PR specialist, she’s worked on audience profiling, insights, comms and campaigns for a broad mix of B2B and B2C brands including Gousto, Rowse, AXA and Goodyear. She puts her curiosity for data and creativity at the heart of her team and has spoken at events for PR Moment and Google on SEO, content and attribution. She loves data, tea and puns.

LINKS FOR SARAH EVANS
Energy PR’s website
Sarah’s LinkedIn

Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

This week we are joined by James Charlesworth, a seasoned Director of Engineering at Pendo with 15 years of experience in software engineering. James is also the creator of the Train to Code YouTube channel, where he shares a wealth of excellent training videos on software development.

In this episode, Say Goodbye to ‘Git Blame’: Building Collaborative and Secure Software Development Lifecycles, we dive into some great topics aimed at saying goodbye to the blame game and hello to good app and product sec!

James talks us through his process of building up cross-functional empathy between his engineering function and the security team; why the engineering team might not be the best team to speak to if you’ve got a lot of vulnerable code; and a step-by-step guide on how he excels in delivering product security in his organisation.

Key Takeaways:
Empathy-Driven Collaboration: James emphasises the importance of empathy when aligning priorities across inter-departmental teams. Whether it’s engineering or cybersecurity, understanding why people request specific tasks is crucial.
Shared Ownership of the Codebase: Forget the notion of “that engineer’s code.” James advocates for a hyper-collaborative approach where everyone takes responsibility for the codebase. Avoid the blame game (say goodbye to ‘Git Blame!’) and recognise that collective ownership leads to better outcomes.
Coding Literacy for All: Should security professionals learn to code? Absolutely! While not everyone needs to be an expert, having a basic understanding of coding helps bridge communication gaps. It enables security teams to comprehend technical issues and collaborate effectively with developers.
What is Product Security?: Product security isn’t an afterthought; it’s embedded throughout the development process. Prioritising security ensures a robust and reliable end product.
Learning from Errors: James encourages learning from coding errors early in the software development lifecycle.
Cowboy Coders and Robust Processes: James shares his thoughts on “cowboy coders”—those who cut corners.

SHOW NOTES
Train to Code YouTube Channel

ABOUT JAMES CHARLESWORTH
James is a Director of Engineering at Pendo, where he also serves as the site lead for the Sheffield office. With 15 years of experience in software engineering, he is committed to Pendo's mission to elevate the world's experience with software. An author and public speaker, James is passionate about diversifying the tech industry and actively works to help individuals from various backgrounds enter the field of software engineering. In addition to his role at Pendo, he also organizes the Sheffield AI Meetup, further fostering a community around artificial intelligence. James is not just a lifelong computer nerd; he's a leader committed to making an impact in technology and community.

LINKS FOR JAMES CHARLESWORTH
James’ website
James’ LinkedIn

Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

We are joined again by Dr Bettina Palazzo, a business ethics expert! She works with compliance managers to create a culture of integrity that focuses on the leadership and behavioural dimensions of compliance.

In this episode, “The Dilemma Game: Unleashing The Power of Ethics and Good Cybersecurity Through Play”, we delve into the complexities of power dynamics within organisations, exploring the efficacy of policies and the role of ethical standards in both corporate and personal settings. We question the effectiveness of merely adding regulations in response to ethical crises and stress the importance of cultural context in shaping responsibilities towards cybersecurity.

Then our discussion extends to the necessity of embracing local nuances while maintaining universal ethical standards, and the limits of systemic solutions in a diverse, evolving landscape.

And finally, this episode also introduces the "dilemma game," an innovative approach to enhance understanding and application of policy texts through real-world scenarios, fostering a culture of integrity and psychological safety where open communication and trust are paramount.

This thought-provoking episode is a must-listen for anyone interested in the intersection of culture, ethics, and organisational behaviour.

SHOW NOTES
Cyber-attacks and stock market activity By Onur Kemal Tosun
‘Biggest cyber risk is complacency, not hackers’ - UK Information Commissioner issues warning as construction company fined £4.4 million. ICO
How to fuck up an airport (Podcast)
On the Importance of Trial and Error with Stefan Gaillard By Christian Hunt

ABOUT DR BETTINA PALAZZO
Bettina stumbled on the topic of business ethics in the early 90s and soon found out that it is such a rich and exciting topic that she never stopped doing anything else – at least professionally. She suffered through the cumbersome but rewarding effort of getting her head around the philosophical and economical foundations of business ethics, won a prize for her PhD thesis and rode off into the sunset to join KPMG. There she helped to build their business ethics consulting services. Tough pioneer work at that time! After a short detour into strategic management consulting, she returned to her true passion and started her own business ethics advisory in 2000. Over the years Bettina has learned that you cannot press ethics into checklists and processes and that unethical companies make unhappy people. The desire to create corporate cultures that make work fun and meaningful instead of dreadful and depressing drives everything she does.

Fun facts: Bettina also has a blog about her city of the heart Rome and dances salsa. She met her husband, Guido Palazzo, at a business ethics conference and they have two almost grown sons.

LINKS FOR DR BETTINA PALAZZO
Dr Palazzo’s website
Dr Palazzo’s LinkedIn

Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

Welcome back to season 3! To kick things off we are joined by Dr Bettina Palazzo, a business ethics expert! She works with compliance managers to create a culture of integrity that focuses on the leadership and behavioural dimensions of compliance. She states that unethical organisations make people unhappy - and we couldn’t agree more. So she has dedicated her life's work to helping organisations create cultures that make work fun and meaningful.

Ethics is such an important subject when it comes to business because poor ethical decisions can mean poor compliance, and ultimately, can lead to poor security decisions. So how do you build a culture that is comfortable with having honest conversations about ethics?

Well, that’s what we will explore in this episode, Rules Without Relationships Create Rebellion: Why Ethics Matter in Cybersecurity.

By the end of this episode you will learn:
How to create a ‘speak up’ culture so that people can raise cybersecurity concerns with you.
How to build a compliance influencer programme (and no, that does not mean trips abroad at beautiful locations surrounded by policy documentation for the gram).
And how the cybersecurity team can not only be ethical role models but also give people a reason to care for the big question: why we do the things we do to protect them!

Key Takeaways:
Speak Up Culture: Learn how to create a safe space for open communication about ethics and compliance. No more fear of reprisal!
Ethical Leadership: Great leaders inspire ethical behaviour. Dr. Palazzo explains how to be that leader.
Communication is Key: Don't just tell people what to do, explain the "why" behind the rules.
Ditch the Shame: Falling for phishing attacks? It happens! We need to build psychological safety to discuss cybersecurity issues openly.
Goodbye Curse of Knowledge: Cybersecurity isn't just for the techies. Learn how to communicate cyber dangers effectively to everyone.

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes.

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’

Keywords: cybersecurity, compliance, leadership, psychological safety

SHOW NOTES
Dr Palazzo’s Compliance Influencer Programme
Oh Behave by Cybsafe
Vote for us in the European Cybersecurity Blogger Awards!

ABOUT DR BETTINA PALAZZO
Bettina stumbled on the topic of business ethics in the early 90s and soon found out that it is such a rich and exciting topic that she never stopped doing anything else – at least professionally. She suffered through the cumbersome but rewarding effort of getting her head around the philosophical and economical foundations of business ethics, won a prize for her PhD thesis and rode off into the sunset to join KPMG. There she helped to build their business ethics consulting services. Tough pioneer work at that time! After a short detour into strategic management consulting, she returned to her true passion and started her own business ethics advisory in 2000. Over the years Bettina has learned that you cannot press ethics into checklists and processes and that unethical companies make unhappy people. The desire to create corporate cultures that make work fun and meaningful instead of dreadful and depressing drives everything she does.

Fun facts: Bettina also has a blog about her city of the heart Rome and dances salsa. She met her husband, Guido Palazzo, at a business ethics conference and they have two almost grown sons.

LINKS FOR DR BETTINA PALAZZO
Dr Palazzo’s website
Dr Palazzo’s LinkedIn

Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

Welcome to the grand finale of season two of ‘Compromising Positions’, where we delve into the fascinating world of AI security. In this special episode, your hosts will guide you through the labyrinth of securing AI models, one step at a time.

For those who prefer a quick overview, we offer an abridged version on Apple Podcasts and Spotify. This version deep dives into two key topics: Jeff’s unique mnemonic C-PTSD for threat modeling AI systems, and an intriguing discussion on the correlation between boredom, worm-killing, and AI efficiency gains.

For those who crave a deeper dive, scroll down or visit our YouTube channel for the extended cut. This version includes everything from the regular version, plus:
Jeff’s academic journey in AI at the University of Hull
Lianne’s preparation for a 100 days of Code in Python for her MSc in Data Science and AI at Leeds Trinity University
A critical discussion on OpenAI’s transparency and the latest AI wearable technology, along with the complexities of consent and privacy in an ‘always recorded’ lifestyle

Whether you choose the regular or extended version, we appreciate your support throughout season two. Stay tuned for more enlightening discussions in season three! Thank you for being a fantastic audience.

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’

Keywords: Cybersecurity, AI, Threat Modelling, MSC, Data Science, IOT, Wearables, Data Security

SHOW NOTES
Jeff’s article on C-PTSD
Lianne’s Article The (AI) Revolution will be BORING...And that's Okay!
Wearables, Shareables, Unbearable? The IOT and AI Tech Nobody Asked for But Cybersecurity Criminals Love. Future of Cybersecurity
MSc in Artificial Intelligence - University of Hull
MSc in Data Science and Artificial Intelligence - Leeds Trinity University
Python Crash Course by Eric Matthes
Codewars
In Praise of Boring AI by Ethan Mollick
Season Two Playlist - YouTube
Vote for us! European Cybersecurity Blogger Awards and The Real Cyber Awards

ABOUT LIANNE POTTER
As the Head of SecOps for the largest greenfield technology transformation project in Europe, Lianne is building a leading edge security team from scratch to meet the needs of a modern retail organisation while empowering her team to think innovatively to create new standards in best practices. Lianne has delivered talks across the globe to share her vision for a new type of security function. Drawing upon her expertise as a cyber-anthropologist (through her consultancy, The Anthrosecurist), her practical experience as a security-focused software developer and as a security practitioner, Lianne combines the human and the technical aspects of security to evangelise a cultural security transformation. She is on the advisory board for a community enterprise aimed at encouraging diversity in tech, is a published author, podcast regular and Host of Cybersecurity Podcast Compromising Positions, and won Computing.com’s Security Specialist of the Year for her work on human-centric approaches to security. In 2021 she won two awards for Security Leader of the Year 2021 and Woman of the Year in the Enterprise category and in 2023 she won Cyber Personality of the Year in The Real Cyber Awards. She is doing a Masters in AI and Data Science in 2024.

LINKS FOR LIANNE
LinkedIn
Compromising Positions Podcast

ABOUT JEFF WATKINS
Jeff is Chief Product and Technology Officer for xDesign. He is a lifelong technologist with nearly 25 years’ experience in the industry, first having started coding at age 6. He has worked in the Financial Services, Healthcare and Retail industries, on enterprise and national scale programmes. Over the years he has become increasingly interested in Cybersecurity and AI and how both will shape our future, both technologically and the human impact. Jeff has founded multiple CyberSecurity teams and is currently working on several new pieces around the secure development and deployment of Generative AI based solutions. He is a tech blogger, writer, podcaster and host of Compromising Positions and public speaker, having recently keynoted at the Webinale international web conference in Berlin. Jeff has a Masters in Cybersecurity and will be starting his Masters in AI and Data Science in 2024.

LINKS FOR JEFF
LinkedIn
Compromising Positions Podcast

Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

This week we are joined by Dr David Burkus, one of the world’s leading business thinkers and best-selling author of five books on the topic of business and leadership. Dr Burkus has worked with the leadership teams of some internationally known names such as PepsiCo, Adobe and NASA.

In this episode, “It’s a Wonderful Hack! Building a high-performance cybersecurity team”, we discuss the three elements of the “Team Culture Triad”: common understanding, psychological safety and prosocial purpose, and how these elements are the backbone of every successful team.

We delve into how interpersonal trust is a reciprocal process, that trust needs to be met with respect and an open mind, and how we can build a culture that learns from mistakes and people feel safe to challenge at all levels in the business.

We also discuss how being part of a team is more like chess than checkers. We can’t treat all people like they have the same skills or ways of working, we’re a team yes, but it’s a team of individuals.

And the “It’s a Wonderful Life” test. A brilliant thought experiment to show the impact of your team’s contributions, which may not always be tied to revenue.

Key Takeaways:
Try a Little Tenderness: Empathy is important, but it's not just about feeling someone else's pain. To truly collaborate effectively, you need to understand your teammates on a deeper level, including their unique strengths, weaknesses, and working styles. By achieving this common understanding, you can anticipate their responses and adjust your approach to optimize teamwork.
Hey Boss, your Idea Sucks: When was the last time someone in your team challenged your decision? If it was a while ago, you might want to take a look if you’re building a team that fosters psychological safety.
Developing Pro-Social Purpose: A team that prioritizes collective success over individual gain fosters a collaborative environment. When team members are driven by a common purpose, they're more likely to support each other and work towards shared goals. This sense of purpose strengthens the team and empowers individuals to contribute their best work.
It’s a Wonderful Life: Imagine if your cybersecurity team didn't exist. What would the consequences be? While this exercise helps you identify potential negative impacts, it's equally important to consider the positive contributions your team makes.

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes.

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’

Keywords: cybersecurity, storytelling, psychology, networking, silos, purpose, psychological safety, leadership

SHOW NOTES
Dr Burkus has an awe-inspiring career as an author. You can check out his books on Amazon
The importance of psychological safety by Amy Edmondson
Melina Palmer’s episode
The Five Dysfunctions of a Team: A Leadership Fable by Patrick M. Lencioni
The beautiful Hyde Park Picture House Cinema in Leeds - GO NOW
Get your Die Hard Christmas Advent Calendar at ETSY
Vote for us! European Cybersecurity Blogger Awards

ABOUT DR DAVID BURKUS
One of the world’s leading business thinkers, Dr. David Burkus’ forward-thinking ideas and bestselling books are helping leaders build their best team ever. He is the bestselling author of five books about business and leadership. His books have won multiple awards and have been translated into dozens of languages. Since 2017, Burkus has been ranked multiple times as one of the world’s top business thought leaders. His insights on leadership and teamwork have been featured in the Wall Street Journal, Harvard Business Review, USAToday, Fast Company, the Financial Times, Bloomberg BusinessWeek, CNN, the BBC, NPR, and CBS This Morning. A former business school professor, Burkus now works with leaders from organizations across all industries, including PepsiCo, Fidelity, Adobe, and NASA.

LINKS FOR DR DAVID BURKUS
Dr Burkus’ LinkedIn
Dr Burkus’ Website
Dr Burkus’ TikTok (No dancing unfortunately)

Welcome to Compromising Positions!

This week we are joined by Dr David Burkus, one of the world’s leading business thinkers and best-selling author of five books on the topic of business and leadership. Dr Burkus has worked with the leadership teams of some internationally known names such as PepsiCo, Adobe and NASA.

In this episode, “Storytelling Superconnectors: Unleashing Purpose Beyond Metrics in Your Cybersecurity Function”, Dr Burkus challenges the concept of Dunbar’s Number as we discuss the power of human networks, and how finding the superconnectors in your organisation will help you get your cybersecurity agenda in front of the right people.

Indulging in a bit of schadenfreude, Dr Burkus shows us how we can use the hacks and breaches of our competitors to demonstrate our value and purpose offering to the C-suite, and he also shares his unique insights on breaking down silos and harnessing the power of positive engagement in the workplace.

And as if that wasn’t enough (!), how to move away from just metrics to make your security function shine! If you want to change the way your organisation sees your security team, this is the episode for you!

This is a two part episode (this is part one!) so don’t forget to check back in next week to hear the whole interview!

Key Takeaways:
Find your Superconnectors: Superconnectors are individuals who have lots of powerful connections and can help you expand your network quickly. By networking with superconnectors, you can find new opportunities and build purpose-driven teams in the cybersecurity function.
Embrace the Power of Storytelling: Facts and figures are important, but stories resonate on a deeper level. Security teams can leverage storytelling to educate employees about cybersecurity threats, celebrate successes, and foster a sense of shared purpose.
Break Down Silos: Challenge the stereotype of security as the "office police." Focus on collaboration and highlight the positive contributions your team makes in protecting the organization. Aim for a 3:1 ratio of positive interactions to negative ones to build trust and rapport.
Learn from Your Competitors' Misfortunes: While celebrating wins is important, so is learning from failures. Use competitor breaches as a springboard for threat intelligence exercises, demonstrating the value your team brings in proactively preventing such attacks.

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes.

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’

Keywords: cybersecurity, storytelling, psychology, networking, silos, purpose

SHOW NOTES
Dr Burkus has an awe-inspiring career as an author. You can check out his books on Amazon
Dunbar's number: Why we can only maintain 150 relationships. BBC
Wham, Bam, That’s a Scam Series by Atomic Shrimp
Freakonomics: A Rogue Economist Explores the Hidden Side of Everything by Steven D. Levitt and Stephen J. Dubner
MGM Ransomware Attack. A write up by Bleeping Computer
Nominate us in the European Cybersecurity Blogger Awards (we’re going for ‘Best Newcomer’). Google Form here (it’s safe, promise)

ABOUT DR DAVID BURKUS
One of the world’s leading business thinkers, Dr. David Burkus’ forward-thinking ideas and bestselling books are helping leaders build their best team ever.

LINKS FOR DR DAVID BURKUS
Dr Burkus’ LinkedIn
Dr Burkus’ Website
Dr Burkus’ TikTok (No dancing unfortunately)

Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This week we are joined by Jenn Calland, a seasoned Data Analyst, Analytics Engineer, former Platform Engineer and Full Stack Developer with expertise spanning Google Cloud, Looker, BigQuery, and many other technologies.
In this episode, “Data, Data Everywhere, But How Do We Make It Safe to Share?”, we are going to explore the relationship between data, cybersecurity and our personal and organisational desire for convenience, which can sometimes lead to insecure and risky behaviour. Jenn warns data analysts about working under the assumption that, by the time they get their hands on the data, it’s all ‘safe and secure’. She cautions the data team that they shouldn’t think they don’t need to be ‘secure’ because it has been taken care of either by the cloud providers, compliance or the security team themselves - in fact, we all need to be accountable in our data/security journey. We also discussed the challenges around anonymising data and the handling of medical data, how AI is changing things and what security teams can do to make sure we collaborate with the data team in a way that works for all parties involved.
Key Takeaways:
Data Security is a Journey, Not a Destination: Just like data travels through a lifecycle, so too should your security measures before any data hits the databases.
In Cloud we Trust?: Can we ever be certain our data is secure in the cloud? It’s crucial to scrutinize who is looking at the data and how it got there.
Data Security is a Team Sport: From GDPR compliance to the psychological impact of data breaches, understand the human side of data security and why it matters to your business through communication and collaboration.
Security vs Convenience: The trade-off of security for convenience is a real risk to data handling.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Keywords: cybersecurity, data, cloud security, GDPR, AI, data privacy
SHOW NOTES
Darknet Diaries (a fantastic cybersecurity podcast) did a brilliant episode on the VTech Hack
Learn more about Sir Tim Berners-Lee’s data project, Inrupt
ABOUT JENN CALLAND
Jenn Calland is a seasoned Data Analyst, Analytics Engineer, former Platform Engineer and Full Stack Developer with expertise spanning Google Cloud, Looker, BigQuery, and many other technologies. Not only recognized for her technical acumen, Jenn is a fervent advocate for Diversity & Inclusion in tech. Her leadership and mentorship have made significant strides in promoting supportive work environments especially for Women in Tech, emphasizing the balance between career and personal responsibilities.
LINKS FOR JENN CALLAND
Jenn’s LinkedIn
Jenn’s X (aka Twitter) account
Last episode we ended by talking with Bec about how cybercriminals leverage the fight-or-flight response and get you to do things you wouldn’t normally do, like share bank details, through amygdala hijacking. Bec concluded the episode by giving us some great advice on how we can retrain ourselves NOT to be so reactive and hopefully, stop ourselves from doing something rash.
In this episode, “Awareness ≠ Behavioural Change - Rethinking Cybersecurity Training”, we’re going to build upon what Bec discussed last week, a cyber psychology 101 if you will, and see how we practically apply key psychological concepts like cognitive agility, convergent and divergent thinking and meta-cognitive skills to things like tabletop exercises and security awareness training.
Key Takeaways:
Embrace Cognitive Agility: The world is too complex for a one-size-fits-all approach. Learn when to adapt and think critically in the face of unexpected situations.
Awareness does not equal change in behaviour: One size doesn't fit all, and quantitative is usually valued over qualitative, which needs to change.
Leverage Divergent and Convergent Thinking: Don't just train for specific scenarios. Develop the flexibility to both explore diverse solutions and converge on the best course of action when the time comes.
Build Diverse Teams: Groupthink can be your worst enemy in a crisis. Foster diverse perspectives within your team to avoid this critical blindspot.
Make Reflective Learning a Priority: Learn from every experience, good or bad. Debrief after incidents and ask: What went well? What didn't? How can we improve?
Focus on Impact Skills, Not Just Technical Knowledge: Decision-making, communication, and collaboration are the foundational skills needed to navigate complex cyber threats.
We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Keywords: cybersecurity, training, incident response, crisis management, soft skills, impact skills, cognitive agility, reflective learning, diverse teams, behavioural change
SHOW NOTES
Full show notes can be found here: https://www.compromisingpositions.co.uk/podcast/episode-23-awareness-does-not-equal-behavioural-change-rethinking-cybersecurity-training
ABOUT BEC MCKEOWN
Bec McKeown CPsychol is the Founder and Director of Mind Science, an independent organisation that works with cyber security professionals. She helps businesses to advance the human aspect of system resilience, so a collaborative culture of innovative thinking and an agile threat response becomes the norm.
As a Chartered Psychologist with extensive experience of carrying out applied research for organisations including the UK Ministry of Defence, Bec has gained a unique perspective on the ways humans react in times of crisis. She works at both operational and strategic levels, with a focus on situational awareness, decision-making and problem-solving in complex environments.
LINKS FOR BEC MCKEOWN
Bec’s LinkedIn
Mind Science LTD
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This week we are joined by Bec McKeown, a chartered psychologist with extensive experience in carrying out applied research for organisations including the UK Ministry of Defence and the founder and director of Mind Science, an independent organisation that works with cybersecurity professionals.
In this episode, “Hands Off My Amygdala! The Psychology Behind Cybersecurity”, we are going to hear about Bec’s varied and interesting career in advising people in highly stressful situations to be reflective and not reactive, and how they can not only learn from their actions but become masters of them. This episode is a smorgasbord of psychological concepts that will make you think twice about how you normally run your security awareness programme, and your tabletop exercises too. And crucially, learn why people act the way they do during an actual cybersecurity incident.
Key Takeaways:
The curse of knowledge: Understanding what it's like to not understand cybersecurity from a technical perspective can be an advantage in helping you communicate better. By putting yourself in the shoes of the listener, you can convey complex ideas in a way that is easy to understand and relatable.
Zero trust: While zero trust may make sense from a technical standpoint, it can lead to frustration and workarounds when it hinders employees. Theory Y suggests that people given more agency and autonomy are likely to work well, if not harder, than when constantly surveilled.
Just culture: Accepting that mistakes will be made and analysing the steps that lead to that mistake happening with a view of learning how to avoid it without blame can improve the learning culture. Most people don't come to work to be malicious; if a mistake happens, it is due to other factors like stress or bad processes.
Microlearning: Nobody wants to sit in training for three hours! Microlearning helps by breaking up information into bite-sized chunks that are easy to digest. It's also important to account for different learning styles and provide information in various formats.
Amygdala hijacking: Cybercriminals leverage amygdala hijacking, which occurs when the amygdala activates the fight-or-flight response when there is no serious threat to a person's safety. It's essential to recognize the contextual cue that led you to act that way and develop strategies to deal with it before it happens.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Keywords: cybersecurity, curse of knowledge, covid, zero trust, psychology, reciprocity, autonomy, security awareness, military, learning styles, gamification, leader boards, crisis, tabletop exercises, amygdala hijacking
SHOW NOTES
Immersive Labs
Bec’s Article in Immersive Labs on Workforce Resiliency
Christian Hunt’s episode - Compromising Positions
Article on Theory X and Theory Y - Mind Tools
Influence by Robert Cialdini
Actionable Gamification - Yu-Kai Chou
ABOUT BEC MCKEOWN
Bec McKeown CPsychol is the Founder and Director of Mind Science, an independent organisation that works with cyber security professionals. She helps businesses to advance the human aspect of system resilience, so a collaborative culture of innovative thinking and an agile threat response becomes the norm.
As a Chartered Psychologist with extensive experience of carrying out applied research for organisations including the UK Ministry of Defence, Bec has gained a unique perspective on the ways humans react in times of crisis. She works at both operational and strategic levels, with a focus on situational awareness, decision-making and problem-solving in complex environments.
LINKS FOR BEC MCKEOWN
Bec’s LinkedIn
Mind Science LTD
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This week we are joined by Sabrina Segal, an integrity, risk, and compliance advisor, with almost 20 years of experience in the public, private, and third-sectors.
In this week’s episode, “Bringing the Curtain Down on Risk Theatre and Applauding Objective-centred Risk Management”, Sabrina shares with us a quite frankly amazing model to work from: the OCRM, Objective-centred Risk Management. This model is a great antidote to what Sabrina describes as ‘risk theatre’, which is the performance of risk governance activities without real substance or accountability, but with the dangerous consequence of making an organisation still feel like they have ‘done something’ when really it’s not worth the paper, or Excel doc, it is written on. This approach is scalable, practical, and effective, and it can help you achieve your goals while managing your risks and opportunities.
Key Takeaways:
Shift the Focus: Ditch the risk register and start with your objectives. What are you trying to achieve? What could stop you? This simple change aligns risk with your mission and drives informed decision-making.
Price Your Risks: Don't just identify risks, quantify them. Calculate the resource and software costs associated with each. This transparency reveals your true risk appetite and exposes gaps between rhetoric and reality.
Go-No-Go Decisions: OCRM empowers you to make clear, objective decisions based on risk pricing. Is the potential upside worth the cost? This eliminates wasted time and resources on low-impact risks.
Psychological safety: How to create an environment where employees feel empowered to speak up and challenge the status quo, even about risks.
The "halo effect": How the good work of charities and non-profits can sometimes mask poor risk management practices.
Utilising External Board Members: How to ensure they have the full picture and can effectively advise on cyber risks.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Keywords: cybersecurity, risk management, objective-centred, OCRM, risk appetite, RACI, psychological safety, halo effect, board members, third sector, technical challenges.
SHOW NOTES
Tim Leech’s LinkedIn
A Post Sabrina did on Objective Mapping
The Halo-effect with Isabel de Bruin Cardoso - Tolerable Risk Podcast
Governance, Strategy and Risk with Claris D’Cruz - Tolerable Risk Podcast
ABOUT SABRINA M. SEGAL
Sabrina M. Segal is an integrity, risk, and compliance advisor, international development and humanitarian assistance professional, licensed US attorney, and Certified Fraud Examiner with almost 20 years of experience in the public, private, and third-sectors. Sabrina's focus is risk in the third-sector as the impact of risk management, when done poorly, can be devastating to both third-sector organizations and the beneficiaries they serve. Sabrina is an active writer on LinkedIn and hosts the Tolerable Risk podcast.
LINKS FOR SABRINA M. SEGAL
Sabrina’s LinkedIn
Sabrina’s Podcast, Tolerable Risk
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This week we are joined by Sabrina Segal, an integrity, risk, and compliance advisor, with almost 20 years of experience in the public, private, and third-sectors.
In this episode, “Not New, but Novel - Tackling Risk in the Third Sector”, we take a look at the challenges facing the third sector when it comes to cybersecurity and technology risks. The third sector, which includes charities and non-profits, is often overlooked or underestimated when it comes to cybersecurity and risk management. But this sector faces unique challenges and opportunities that require a novel and holistic approach to risk.
Sabrina has a really refreshing take on risk and we will hear how she enables her clients to get to grips with what she calls ‘tolerable risk’ and why we can’t avoid risks, but we can reframe risks to not only identify threats but also opportunities. While at the same time, making sure everyone cares about risk, not just people with ‘risk manager’ in their title!
Key Takeaways:
Forget Risk Appetite and Risk Matrices - Embrace ‘risk awareness’ tailored to your mission and your organisation’s objectives
Identify Your ‘Tolerable Risk’ - Risk can’t be avoided but we can identify and work within our ‘risk tolerance’ for better informed decisions
Risk is a Two-Sided Coin - It’s not just about threats but opportunities too, and it’s much easier for people to get excited about opportunities than threats!
Don’t Greenwash Those “Charity Days” - Forget painting the fence, litter picking or sorting cans, instead donate your cybersecurity expertise for maximum impact
Risk Is Everyone’s Job - Ditch the ‘risk manager’ title and empower everyone to be a risk champion!
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Keywords: third sector, risk management, cybersecurity, charities, non-profits, risk awareness, tolerable risk, cyber threats, data privacy, ethical considerations
Jeff Watkins and Lianne Potter delivering their new talk on AI and Cybersecurity for The Future of Cybersecurity Conference [VIDEO] in Manchester 2024 - WEARABLE, SHAREABLE… UNBEARABLE? THE IOT AND AI TECH NOBODY ASKED FOR BUT CYBERCRIMINALS LOVE!
Lianne Potter appearing on legendary Cybersecurity podcast Smashing Security, 358: Hong Kong hijinks, pig butchers, and poor ransomware gangs
An Article on the Cyber Risks Associated with the United Nations (UN) Sharing Biometric Refugee Data, The Conversation
ABOUT SABRINA M. SEGAL
Sabrina M. Segal is an integrity, risk, and compliance advisor, international development and humanitarian assistance professional, licensed US attorney, and Certified Fraud Examiner with almost 20 years of experience in the public, private, and third-sectors. Sabrina's focus is risk in the third-sector as the impact of risk management, when done poorly, can be devastating to both third-sector organizations and the beneficiaries they serve. Sabrina is an active writer on LinkedIn and hosts the Tolerable Risk podcast.
LINKS FOR SABRINA M. SEGAL
Sabrina’s LinkedIn
Sabrina’s Podcast, Tolerable Risk
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This episode we are joined by Amy Kouppas, a Scrum Master, D&I lead, and founder of a Women’s Health & Wellbeing group at Sky.
We are talking about all things agile and scrum! Most organisations have some form of agile methodologies, and the likelihood is, yours does too, but what is it? What is Kanban? What is Scrum? What does a Scrum master do and why are they always sprinting? Amy helps us answer these questions and more in this episode: “Fun with Purpose - A Scrum Guide!”
In this episode we cover:
Scrum Master: Coach, Not Boss: Ditch the project manager stereotype. A scrum master is a facilitator, coach, and mentor, guiding the team towards self-organisation and autonomy. Their ultimate goal? To make themselves obsolete by fostering a team that thrives independently.
Empowerment & Creativity: Scrum unleashes the full potential of your team. They become accountable, empowered, and free to be creative within the sprint framework. This fosters a culture of continuous improvement where everyone contributes to success.
Documentation - Enough is Enough: The agile manifesto doesn't advocate for zero documentation. It emphasises "just enough" documentation. Focus on clear, concise information that supports transparency and efficient collaboration.
Retrospectives with a Twist: Retrospectives are the beating heart of scrum. Make them engaging and fun with themes, games, and even time capsules. This playful approach fosters honest reflection and continuous improvement.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
SHOW NOTES
The Agile Manifesto
Jeff’s quote source for ‘If You’re Not Keeping Score, You’re Just Practicing’ is attributed to Chris McChesney
A Video of Lianne and Jeff’s talk on Ab(user) Stories and Ab(use) cases
The stat 1 cybersecurity professional per 100 developers can be found in Toby Irvine’s article The Ratio
ABOUT AMY KOUPPAS
Amy Kouppas is a Scrum Master and D&I Lead for Digital technology at Sky, with a passion for squad wellbeing. She is also a Cribologist and Founder of the Leeds Site Women's Health and Wellbeing Group. Amy's personal brand is "fun with purpose," and she aspires to be a mentor and coach to others and champion her women's wellbeing group and festival one day. In addition, she dreams of owning an animal shelter.
LINKS FOR AMY KOUPPAS
Amy’s LinkedIn
Keywords: cybersecurity, scrum, agile, team management, empowerment, continuous improvement, retrospectives, collaboration, documentation
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This episode we are joined by Damjan Obal, Head of Design at Ardoq, lecturer and international speaker on all things design and data.
In this episode, “And the Bafta for Best Cybersecurity Awareness Training Goes To…”, we are looking at how we practically apply design principles to our security awareness programmes, with things like design thinking, the double diamond design method, opportunity solution trees and much much more! We also look at the dangers of gamification and how to get your BAFTA-winning moment when delivering your security message to the business!
In this episode we cover:
Convenience vs. Security: The Eternal Battle: You’re late for a meeting, and that pesky password reset pops up. What do you do? Convenience often wins, and that’s where security takes a hit. We’ll explore shortcuts, trade-offs, and the delicate balance between ease and safety.
Data Storytelling: Making Ones and Zeros Relatable: Security teams deal with mountains of data. But how do they turn it into compelling narratives? Whether it’s the sheer quantity of incidents or the relentless attacks, we’ll reveal how to tell data-driven stories that resonate.
Infographics: A Picture Is Worth a Thousand Alerts: Enter the superhero of visual communication: infographics! We’ll explore how these bite-sized graphics simplify complex security concepts. From breach timelines to threat landscapes, infographics make data digestible for everyone.
Tangibility in the Intangible: Making Cybersecurity Real: Cybersecurity can feel abstract, like chasing shadows. Think metaphors, analogies, and relatable scenarios. Because securing data isn’t just about 1s and 0s - it’s about protecting our digital existence.
The Gamification Dilemma: Fun vs. Functionality: Gamification is all the rage, but is it always the answer? Not necessarily. Remember, not every challenge needs a leader board.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Keywords: cybersecurity, compliance, user experience, storytelling, human-computer interaction, behaviour change, security champions, accessibility, cybersecurity awareness training, behavioural change, data, design thinking, gamification
SHOW NOTES
The wonderful Bec McKeown will be joining us in a few weeks! Make sure you’re subscribed to the channel because you won’t want to miss that one!
Privacy is a Crime Video
Double Diamond Design Method
Opportunity Solution Trees
Actionable Gamification: Beyond Points, Badges, and Leader Boards by Yu-Kai Chou
Zombies Run App
ABOUT DAMJAN OBAL
As Head of Design at Ardoq, Damjan works with internal and external stakeholders to help asset-heavy industries understand, orchestrate, and operationalize their data. As part of the team working on data products, his research focuses on data observability and data quality.
He spends days uncovering user needs and helping R&D teams turn those needs and challenges into business opportunities.
Previously, he led user experience teams with Cognizant, Pexip, and Cisco, and before that managed the global UX team at Entain.
LINKS FOR DAMJAN OBAL
Ardoq
Damjan’s Website
Damjan’s LinkedIn
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This episode we are joined by Damjan Obal, Head of Design at Ardoq, lecturer and international speaker on all things design and data.
In this episode, “F.U.D OFF! - Cybersecurity Awareness Beyond Compliance and Boredom”, we learn from Damjan about the importance of storytelling, the difference between game theory and gamification, what accessibility champions get so right that we in security get so wrong, and how to design a security awareness programme that resonates with people and encourages empathy and behavioural change. F.U.D - Fear, Uncertainty and Doubt - has been a mainstay in cybersecurity messaging, but is it serving us or is it just turning people off our messaging? Find out in this episode if there is another way and if we should just tell F.U.D to F.U.D off for good!
In this episode we cover:
How to use storytelling effectively: Why do we only talk about the stuff nobody cares about when we have such great stories to tell!
Finding your ‘WHY’: The first steps towards making your security engagements salient, relevant and focused on the bigger picture
Game Theory vs. Gamification: How do you use either effectively to make security awareness training more interesting and relevant
F.U.D Off: Why fear-mongering doesn’t work and how the odd joke might engage your audience better
Lessons from the world of accessibility: Learning how the principles of good accessibility might lead to better security controls and buy-in
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Keywords: cybersecurity, compliance, user experience, storytelling, human-computer interaction, behaviour change, security champions, accessibility
SHOW NOTES
Using Cartoons to Teach Internet Security - Sukamol Srikwan and Markus Jakobsson
I couldn’t find the bank that interviewed its customers - Sorry! - If you know do tell us and we’ll update the show notes!
ABOUT DAMJAN OBAL
As Head of Design at Ardoq, Damjan works with internal and external stakeholders to help asset-heavy industries understand, orchestrate, and operationalize their data. As part of the team working on data products, his research focuses on data observability and data quality.
He spends days uncovering user needs and helping R&D teams turn those needs and challenges into business opportunities.
Previously, he led user experience teams with Cognizant, Pexip, and Cisco, and before that managed the global UX team at Entain.
LINKS FOR DAMJAN OBAL
Ardoq
Damjan’s Website
Damjan’s LinkedIn
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! This episode we are joined by James Hall, developer and Founder of Parallex, a digital consultancy that focuses on ‘building better digital experiences together’.
In this episode, “That’s illuminating! Protecting Aberdeen’s IOT Street Lights from Cyber attacks!”, James shares his experience on securing public utilities and other IoT devices, how he ‘sells’ security as a value add to his stakeholders, and if Bug Bounties are actually worth doing!
In this episode we cover:
Agile means no documentation right? Wrong! While documentation is certainly lighter in agile teams, it doesn’t mean it is completely absent. But this lightweight style does bring its challenges and teams need to avoid keeping it all ‘in their head’ if they want security teams to understand what they are building and the security challenges that may come with that. James tells us about the danger of assuming prior knowledge and gives advice on how to test your documentation by giving it to the most junior member of the team and seeing if they can follow it. But while documentation is important we need to remember that…
Shared documentation is not the same as shared knowledge. It is not enough to ensure that everyone on the team is aware of the security requirements. It is important to have open communication channels and encourage team members to ask questions and share their knowledge.
Paired programming would help fill in the blind spots of any security issues there might be. It is important to acknowledge that there are things that we don’t know as developers and paired programming with a member of the security team can help fill in these gaps. By working together, team members can share their knowledge and learn from each other.
Securing IoT devices is challenging because hardware manufacturers don’t have an incentive to make their products secure. This is a major challenge in securing IoT devices, and it is important to be aware of this when designing solutions that rely on IoT devices.
Bringing risk to life is important otherwise people will ignore it. It is important to communicate the risks associated with cyber-attacks in a way that is easy to understand.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests on future episodes. We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Visit www.compromisingpositions.co.uk for full show notes
Welcome to Compromising Positions! The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

Today we are joined by Paula Cizek, Chief Research Officer at Nobl, where she guides leaders and teams through the change management process, from assessing the organization’s readiness for change to implementing initiatives. In this episode, we explore the fascinating topic of Corporate Change and how its lessons can be applied to cybersecurity.

In the vast ocean of the corporate world, change is as constant as the tides. It can be exhilarating for some and daunting for others. As leaders, we often stand at the helm, eager to navigate new courses. Yet we must remember that not all aboard share the same vision or enthusiasm for these uncharted waters.

Why is it scary for many? How do leaders balance the excitement of innovation with the practicalities and emotions of their teams? We’ll explore the dichotomy of change - the loss and the gain, the risk and the reward.

We'll unpack the layers of change management, from the first ripples of a new idea within the executive team to the waves it creates throughout an organization. How do we bring everyone on deck, giving them the time to adjust their sails and embrace the journey?

We'll also navigate the treacherous waters of resistance. Not every objection is an excuse, and sometimes, they signal hidden icebergs. How do we, as leaders, distinguish between the two?

So, tighten your lifejackets and get ready to dive into the deep end of transformation in this episode, “Shift Happens: The Art of Navigating the Seas of Cyber Change”.

In this Episode we cover:

Why there’s such a gap between the exec team and boots on the ground when it comes to accepting and being excited by change
The difference between “Fail Safe” and “Safe to Fail” changes and projects
Why we should Start with the Skateboard
That not every objection to change is an excuse
How to communicate change effectively
Being comfortable with being uncomfortable when it comes to negotiation
Why Risk and Uncertainty are different beasts

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests, on future episodes.

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’

Keywords: Cybersecurity, Cyber threats, Change management, Organisational transformation, Risk management, Innovation, and Leadership

SHOW NOTES
Find them here

ABOUT PAULA CIZEK
Paula Cizek is the Chief Research Officer of NOBL, where she guides organizations through large-scale transformation. A thought leader in change management and change resistance, she specializes in translating complex concepts into simple, practical tactics that deliver immediate and meaningful change.

Before joining NOBL, she was Innovation Manager at the IPG Media Lab, advising brand and media clients on emerging technology. Prior to that, she was Senior Innovation Consultant at Mandalah, where she led consumer behavior and brand strategy research for brands around the world. She's worked with a diverse roster of clients including Warner Bros., Chanel, Capital One, Bayer Pharmaceuticals, Airbnb, Chipotle, Grupo Bimbo, and more, and she's been published or quoted in publications like BrandingMag and Women's Wear Daily. She graduated from Georgetown University, majoring in Marketing and International Business.

LINKS FOR Paula Cizek
Paula’s LinkedIn
NOBL