Storytelling for better cybersecurity, with Sarah Moffat
With a vast background in cybersecurity and understanding the human factor, Sarah is currently advising the Federal Government on privacy and security in Washington, D.C. She is also a leadership and development coach, using her knowledge of psychology to inspire others, tailoring specific training to meet the personal needs of her clients.
Can storytelling shape culture within the workspace towards better cybersecurity? Let’s hear what Sarah has to say on this enlightening topic.
Storytelling For Better Cybersecurity, with Sarah Moffat
JOIN SARAH MOFFAT AND BRUCE HALLAS AS THEY DISCUSS:
Navigating generational influences upon the way people pick up new technology.
- How storytelling can help instructional design.
- Millennials have a very different security culture to baby boomers.
- Creating a map as a framework to build a program to suit different attitude types. (Because realistically, what can learn from pilots and powerpoint?)
How as an industry have we seen cybersecurity education and awareness training?
- Is it a good idea to have it as a stand alone piece of training?
- Cyber security needs to become interwoven at every level of life, especially at work.
- Security as a life skill is needed for this new tech-based environment.
- How early should we all be learning cybersecurity as a culture nowadays?
- Cultures are formed through a process of experience, so are we doing a good enough job developing behaviours early enough?
The importance of identifying right action, not only as cyber security professionals, but also helping those we lead to understand easily which choices are the “right” ones
- Personal choice. How to cultivate a healthy reaction.
- Is once a year training worthwhile in a changing security landscape?
- The importance of awareness training and inspiring interest throughout the year.
Bridging the gap
- Implanting security into the overall culture of the organisation can better protect it.
- Branding strategy, touch points and brand equity are all important attributes of an effective awareness and behaviour campaign
- How bridging the gap between the CIO and the rest of an organisation boosts security awareness and engagement.
Mistakes that can happen when creating security cultures
- The percentage of people given the responsibility for security awareness within an organisation is really high but it is another hat they wear.
- Ticking boxes vs. building a new culture.
- Protecting PII should be about protecting people.
- Is security awareness a risky business?
- Personal responsibility plays a large role in adaptation of new behaviour across culture.
- Investment of time and money and/or the lack thereof, and how it influences change.
- As security professionals, we must remember that doing the same thing over and over again expecting different results is insanity.
- Capitalise on what we know drives human behaviour.
- Telling stories costs very little, so not much risk involved, and stories have been proven to change behaviours.
Storytelling For Better Cybersecurity, with Sarah Moffat
MORE ABOUT SARAH MOFFAT:
DO YOU NEED SOME HELP IMPLEMENTING THE NEW STRATEGIES YOU’RE PICKING UP? SIGN UP FOR ONE OF OUR WORKSHOPS:
Thanks for listening and sharing,
Bruce & The Re-thinking the Human Factor Podcast Team