Episode Details

Guest: Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead at National Institute of Standards and Technology [@NISTcyber]

On Linkedin | https://www.linkedin.com/in/julie-haney-037449119/

On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

Imperva | https://itspm.ag/imperva277117988

Pentera | https://itspm.ag/penteri67a

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity podcast, host Sean Martin engages in an insightful conversation with Julie Haney, the leader of the human-centered cybersecurity program at NIST. The discussion revolves around the challenges organizations face in implementing security awareness and other information security training programs, products, and operations.

During the conversation, Julie introduces the NIST phish scale, a tool that helps training coordinators contextualize phishing click rates. It considers user context and alignment with individual roles, allowing organizations to tailor their phishing simulation exercises to engage employees effectively. This approach goes beyond numbers and focuses on the human factor in cybersecurity.

Sean and Julie discuss the various challenges organizations encounter when implementing security awareness programs. These challenges include obtaining leadership support, allocating sufficient resources, and finding engaging approaches for a diverse workforce. They emphasize the importance of collecting user-generated security incidents and gathering feedback to identify areas for improvement and enhance awareness programs.

Throughout the conversation, Sean and Julie highlight the significance of understanding and addressing human factors in cybersecurity. They stress that effective security awareness and training programs should go beyond compliance and consider the individual's mindset, attitudes, and behaviors. Additionally, they discuss the lack of effective metrics to measure program success and impact, emphasizing the need for organizations to gather data and feedback to continuously improve their programs.

Overall, this episode offers practical insights and advice for organizations seeking to enhance their security awareness and training initiatives. It emphasizes the importance of a human-centric approach and provides valuable tools, such as the NIST phish scale, to help organizations tailor their programs to engage employees effectively.

So, tune in to this episode as Sean and Julie take a journey into the challenges and solutions surrounding security awareness in the ever-evolving world of cybersecurity.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺

Listen Now