Why security teams need an empathy filter

Everyone who works in cybersecurity needs this reminder from time to time: people who are not in this space aren’t obsessed with the latest attacks and their impact. They probably don’t care at all because they already have other difficult projects they’re working on or personal issues that stretch them thin. Any security team that wants to be effective and make a difference needs to keep this idea at the top of their mind when rolling out an awareness campaign or sending out an email.Overly technical and dramatic messages about trending or successful attacks fly right by busy ears. So what’s the solution?Creating simple messages that resonate with people in their context. This is a practical way of using empathy to create true resonance, but it’s often difficult to accomplish without help. That’s why a non-IT specialist with communication expertize can act as an empathy filter for the security team when bringing them on board. My guest today, Lance Spitzner, Director of Security Awareness at the SANS Institute and founder of the Honeynet Project, coined that term (“empathy filter”) as we were recording.His over 20 years of security experience in cyberthreat research, security architecture, and awareness training really shine in this episode, creating momentum and motivation for change. Lance has published three security books, consulted in over 25 countries, and helped over 350 organizations build awareness programs to manage their human risk. He remains hands on, dedicated, and an energetic vector for the cybersecurity community.In this Cyber Empathy episode, Lance explains why simplifying security is the best approach to protecting cybercriminals’ favorite target: people. He also shares examples of how to do this in practice and who to ask for help to achieve this. What’s more, this episode helps you find out how to determine if the security team is empathetic.In this episode, you will learn:Why simplifying security is the best approach to secure people (02:24)Why security teams need an “empathy filter” and who can play that role (10:20)The importance of having an empathetic security team (18:13)Lance shares an empathetic security approach success story (30:00)Resources: Lance’s booksThe ADKAR ModelLance Spitzner and Carolyn Crandall at RSAC 2019Lance Spitzner - Securing the Human BeingThe Honeynet ProjectDaniel Kahneman booksCass R. Sunstein booksRobert B. Cialdini booksConnect with Lance:WebsiteLinkedInTwitterLet’s connect!WebsiteLinkedInTwitter