263: Security Education, Awareness, Behavior, and Culture with Kat Sweet
Description
02:01 - Kat’s Superpower: Terrible Puns!
- Puns & ADHD; Divergent Thinking
- Punching Down
- Idioms
08:07 - Security Awareness Education & Accessibility
- Phishing
- Unconscious Bias Training That Works
- Psychological Safety
- Management Theory of Frederick Taylor
- Building a Security Culture For Oh Sh*t Moments | Human Layer Security Summit
- Decision Fatigue
20:58 - Making the Safe Thing Easy
- (in)Secure Development - Why some product teams are great and others aren’t…
- The Swiss Cheese Model of Error Prevention
22:43 - Awareness; Security Motivation; Behavior and Culture (ABC)
33:34 - Dietary Accessibility; Harm Reduction and Threat Monitoring
- Celiac Disease
- A Beginner’s Guide to a Low FODMAP Diet
- Casin
- DisInfoSec 2021: Kat Sweet - Dietary Accessibility in Tech Workplaces
Reflections:
John: Internal teams relating to other internal teams as a marketing issue.
Casey: Phishing emails cause harm.
Kat: AIDA: Awareness, Interest, Desire, Action
Unconscious Bias Training That Works
The Responsible Communication Style Guide
This episode was brought to you by @therubyrep of DevReps, LLC. To pledge your support and to join our awesome Slack community, visit patreon.com/greaterthancode
To make a one-time donation so that we can continue to bring you more content and transcripts like this, please do so at paypal.me/devreps. You will also get an invitation to our Slack community this way as well.
Transcript:
PRE-ROLL: Software is broken, but it can be fixed. Test Double’s superpower is improving how the world builds software by building both great software and great teams. And you can help! Test Double is hiring empathetic senior software engineers and DevOps engineers. We work in Ruby, JavaScript, Elixir and a lot more. Test Double trusts developers with autonomy and flexibility at a remote, 100% employee-owned software consulting agency. Looking for more challenges? Enjoy lots of variety while working with the best teams in tech as a developer consultant at Test Double. Find out more and check out remote openings at link.testdouble.com/greater. That’s link.testdouble.com/greater.
JOHN: Welcome to Episode 263 of Greater Than Code. I'm John Sawers and I'm here with Casey Watts.
CASEY: Hi, I'm Casey! And we're both here with our guest today, Kat Sweet.
Hi, Kat.
KAT: Hi, John! Hi, Casey!
CASEY: Well, Kat Sweet is a security professional who specializes in security education and engagement. She currently works at HubSpot building out their employee security awareness program, and is also active in their disability ERG, Employee Resource Group. Since 2017, she has served on the staff of the security conference BSides Las Vegas, co-leading their lockpick village. Her other superpower is terrible puns, or, if they're printed on paper—she gave me this one—tearable puns.
[laughter]
KAT: Like written paper.
CASEY: Anyway. Welcome, Kat. So glad to have you.
KAT: Thanks! I'm happy to be here.
CASEY: Let's kick it off with our question. What is your superpower and how did you acquire it?
KAT: [chuckles] Well, as I was saying to both of y’all before this show started, I was thinking I'm going to do a really serious skillful superpower that makes me sound smart because that's what a lot of other people did in theirs. I don't know, something like I'm a connector, or I am good at crosspollination. Then I realized no, [chuckles] like it, or not, terrible puns are my actual superpower.
[laughter]
Might as well just embrace it.
I think as far as where I acquired it, probably a mix of forces. Having a dad who was the king of dad puns certainly helped and actually, my dad's whole extended family is really into terrible puns as well. We have biweekly Zoom calls and they just turn into everyone telling bad jokes sometimes.
[laughter]
But I think it also probably helps that, I don't know, having ADHD, my brain hops around a lot and so, sometimes makes connections in weird places. Sometimes that happens with language and there were probably also some amount of influences just growing up, I don't know, listening to Weird Al, gets puns in his parodies. Oh, and Carlos from The Magic School Bus.
CASEY: Mm hmm. Role models. I agree. Me too.
[laughter]
KAT: Indeed. So now I'm a pundit.
CASEY: I got a pun counter going in my head. It just went ding!
KAT: Ding!
[laughter]
CASEY: I never got – [overtalk]
KAT: They've only gotten worse during the pandemic.
CASEY: Oh! Ding!
[laughter]
Maybe we'll keep it up. We'll see.
I never thought of the overlap of puns and ADHD. I wonder if there's any study showing if it does correlate. It sounds right. It sounds right to me.
KAT: Yeah, that sounds like a thing. I have absolutely no idea, but I don't know, something to do with divergent thinking.
CASEY: Yeah.
JOHN: Yeah. I’m on board with that.
CASEY: Sometimes I hang out in the channels on Slack that are like #puns, or #dadjokes. Are you in any of those? What's the first one that comes to mind for you, your pun community online?
KAT: Oh yeah. So actually at work, I joined my current role in August and during the first week, aside from my regular team channels, I had three orders of business. I found the queer ERG Slack channel, I found the disability ERG Slack channel, and I found the dad jokes channel.
[laughter]
That was a couple of jobs ago when I worked at Duo Security. I've been told that some of them who are still there are still talking about my puns because we would get [laughs] pretty bad pun threads going in the Slack channels there.
CASEY: What a good reputation.
KAT: Good, bad, whatever. [laughs]
CASEY: Yeah.
KAT: I don't know. Decent as a form of humor that's safe for work goes, too because it's generally hard to, I guess, punch down with them other than the fact that everyone's getting punched with a really bad pun, but they're generally an equalizing force. [chuckles]
CASEY: Yeah. I love that concept. Can you explain to our listeners, punching down?
KAT: So this is now the Great British Bake Off and we're talking about bread. No, just kidding.
[laughter]
No, I think in humor a lot of times, sometimes people talk about punching up versus punching down in terms of who is actually in on the joke. When you're trying to be funny, are you poking fun at people who are more marginalized than you, or are you poking at the people with a ton of privilege? And I know it's not always an even concept because obviously, intersectionality is a thing and it's not just a – privilege isn't a linear thing. But generally, what comes to mind a lot is, I don't know, white comedians making fun of how Black people talk, or men comedians making rape jokes at women's expense, or something like that. Like who's actually being punched? [chuckles]
CASEY: Yeah.
KAT: Obviously, ideally, you don't want to punch anyone, but that whole concept of where's the humor directed and is it contributing to marginalization?
CASEY: Right, right. And I guess puns aren't really punching at all.
KAT: Yeah.
CASEY: Ding!
KAT: Ding! There goes the pun counter.
Yeah, the only thing I have to mindful of, too is not over relying on t