Calling Users Stupid episode artwork

EPISODE · Sep 17, 2020 · 27 MIN

Calling Users Stupid

from Defense in Depth

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-calling-users-stupid/) Many cybersecurity professionals use derogatory terms towards their users, like calling them "dumb" because they fell for a phish or some type of online scam. It can be detrimental, even behind their back, and it doesn't foster a stronger security culture. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Dustin Wilcox, CISO, Anthem. Thanks to our sponsor, Hunters. Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they're also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint. On this episode of Defense in Depth, you'll learn: Security people have notoriously had a "better than them" attitude towards their users who they view as the ones causing all the problems and making their lives more difficult. Calling users stupid for making a "mistake of effort" even if it's behind their back does not foster a bond with the security team. It fosters the us vs. them attitude. Security professionals will have a lot more success if they understand why users do the things they do. Once there is that understanding, then cybersecurity will better be able to design systems that accommodate users. About a third of your users confidently believe they're following the right cybersecurity procedures. That discrepancy is not the fault of the users, it's the fault of cybersecurity's education of users. Security can always be more effective in offering up the right tools and the correct education. Security awareness must begin with good service and process design. Phishing tests are pointless to determine security effectiveness. That's because no matter how low your click rates go, someone can always create a more creative test that will send them soaring back up again. If your defense in depth strategy is so poorly designed that your company can be compromised by the simple click of a phish, then you've got a poorly configured security stack. Security professionals' jobs exist because of their users. If there was no organization and users, then there would be no need for security professionals. Quoting Albert Einstein: "If you judge a fish by his ability to climb a tree, he will live his whole life thinking he is stupid." Look at user mistakes as an education moment, not an opportunity to put them down. If you educate them, they'll go onto educate others as well. Mistakes can actually be very beneficial.

NOW PLAYING

Calling Users Stupid

0:00 27:27

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

MG Show MG Show The MG Show, hosted by Jeffrey Pedersen and Shannon Townsend, is a leading alternative media platform dedicated to uncovering the truth behind today’s most pressing political issues. Launched in 2019, the show has grown exponentially, offering unfiltered insights, comprehensive research, and real-time analysis. With a commitment to independent journalism and factual integrity, the MG Show empowers its audience with knowledge and encourages active participation in the political discourse. Eat to Live Jenna Fuhrman, Dr. Fuhrman Our health is our most precious gift and smart nutrition can change your life. Each month, join Dr. Fuhrman and his daughter, Jenna Fuhrman as they discuss important topics in the world of nutrition. Eat to Live will change the way you eat and think about food. French Your Way Jessica: Native French teacher founder of French Your Way Boost your French listening skills and test your comprehension with this one of a kind series of podcasts. Get the chance to listen to a real conversation between native speakers talking at normal speed AND customise your learning experience through carefully designed sets of questions (2 levels of difficulty) available for download at www.frenchvoicespodcast.com. All interviews also come with the transcript. French teacher Jessica interviews native speakers of French from around the world who share a bit of their life and passion. Where else would you meet in one same place a French yoga teacher based in Melbourne, a soap manufacturer from Provence, or a couple cycling around the world? XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Defense in Depth?

This episode is 27 minutes long.

When was this Defense in Depth episode published?

This episode was published on September 17, 2020.

What is this episode about?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-calling-users-stupid/) Many cybersecurity professionals use derogatory terms towards their users, like calling them "dumb" because they fell...

Can I download this Defense in Depth episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!