Posts Tagged ‘Human Risk’
Awareness Is The Outcome
Awareness is treated like a task to be completed, measured, and filed away. But real awareness doesn’t arrive on a schedule or live inside a dashboard. It shows up later, under pressure, as recognition, hesitation, judgement. And if it’s not there when it matters, the work never really happened. We keep saying “awareness” as if…
Read MoreAttendance Doesn’t Equal Engagement
If someone can attend your training without thinking, feeling, or changing how they behave, engagement never happened. This is about the difference… and why it matters more than completion rates ever will. Cyber teams love the word engagement. It sounds warm. Reassuring. Progressive. But nine times out of ten, what they are really measuring is…
Read MoreAttention Seeking B*tch
Why being an attention-seeker makes me better at producing outstanding cyber security training. Let’s get the title out the way first. I’ve been called an attention-seeker most of my adult life. Sometimes it’s affectionate. Sometimes it’s a joke. Sometimes it’s said with the full intent of landing as an insult and staying there. I’ve never…
Read MoreWe Don’t Protect Ideas. We Apply Pressure.
Most organisations talk about innovation like it’s a badge you earn once and pin to your chest forever. We’ve learned the harder, more honest truth. Innovation doesn’t survive on intention. It survives on challenge. That belief shaped how we build our board and why we built it to push back, not clap along. Most companies…
Read MoreTwo Tribes, One Fire
A long simmering tension exists between Security Awareness and Business Resilience. When the two finally work as one, prevention strengthens recovery and recovery strengthens behaviour. This is where modern cyber culture grows up. Behaviour ● Culture ● Human Risk If you’ve ever sat in a meeting where Security Awareness and Business Resilience glare at each…
Read MoreWhen Learning Becomes Real
There’s a particular kind of madness in the corporate world where we ask people to defend their company from sophisticated cyber criminals, then hand them a slide deck with clipart padlocks and a three-question quiz at the end. It’s the equivalent of teaching someone to defuse a bomb by reading aloud from a manual. And…
Read MoreThe Myth of “Not My Job”
The strange thing about security rhetoric is how quickly it slides into fantasy. A few LinkedIn posts, a handful of panel quotes, and suddenly we’re entertaining the idea that security is not everyone’s problem, that it belongs to the blessed few sitting somewhere between IT, compliance, and a metaphorical fucking fire exit. It’s a seductive…
Read MoreDon’t teach me anything.
John Oliver was joking when he barked that line at Edward Snowden. Yet it might as well be every employee staring down another mandatory cyber module. Beneath the comedy is a truth most organisations refuse to face. People do not reject cyber security because they are stupid. They reject it because the learning experience reeks…
Read More