CISO perspective

We’re taking a different approach to our chat in Episode 07 of the Re-thinking the Human Factor podcast. We know that a lot of our listeners are CISOs. And we also know that people love to hear what other people think about things. So we’ve put these two things together and invited one of our listeners, a CISO, onto the show to talk about security, awareness, behaviour and culture.

In this episode, Bruce invited Geordie Stewart, a CISO, to come on the show and share with us the key lessons he’s learned from the first three episodes of our show:

  • Episode 01 – An interview with Gregory Michaelidis, former Head Speech Writer for the Secretary of Homeland Security
  • Episode 02 – An interview with Heather Dahl and Chase Cunningham
  • Episode 03 – A conversation with John Pollack, former Speechwriter to President Bill Clinton

Geordie Stewart joins Bruce Hallas in a discussion we hope will help you synthesize the vast amount of information covered in those episodes. Geordie is a CISO who has worked at organisations like John Lewis, TUI UK & Europe and has most recently taken up residence at the UK’s largest Building Society, the Nationwide. As well as his day job, he is an international speaker and keen innovator in the area of technology risk communication. His award-winning master’s thesis at the Royal Holloway Information Security Group examined information security awareness from a fresh perspective as a marketing and communications challenge. [1]

“And in a busy environment with lots of competing messages…, the challenge is, how do we make sure messages of value land in a way that somebody can use and benefit from?…because we are competing with HR, finance, and these other sources of information and guidance within companies.”

Join Geordie and Bruce as they give you the hash on:

  • The necessity of understanding your audience and empathizing with them if you hope to effectively raise awareness, influence behaviour, and foster a culture amongst that audience
  • How a lack of feedback loops and accurate metrics has affected the speed at which the security industry has evolved in its communication and training strategies
  • The concept of the captive audience, and how having an audience built into the organizations that security professionals serve has stifled motivation to innovate and improve security awareness, behaviour, and culture communication and training
  • The role that brand plays in terms of how it influences the level of engagement you’ll get from people and whether or not people will comply with organizational policies and procedures