EPISODE 23: Awareness ≠ Behavioural Change - Rethinking Cybersecurity Training
Welcome to Compromising Positions!
The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!
This week we are joined by Bec McKeown, a chartered psychologist with extensive experience in carrying out applied research for organisations including the UK Ministry of Defence and the founder and director of Mind Science, an independent organisation that works with cybersecurity professionals
Last episode we ended by talking with Bec about how cybercriminals leverage the fight-or-flight response and get you to do things you wouldn’t normally do, like share bank details, through amygdala hijacking. Bec concluded the episode by giving us some great advice on how we can retrain ourselves NOT to be so reactive and hopefully, stop ourselves from doing something rash.
In this episode, Awareness ≠ Behavioural Change - Rethinking Cybersecurity Training, we’re going to build upon what Bec discussed last week, a cyber psychology 101 if you will, and see how we practically apply key psychological concepts like cognitive agility, convergent and divergent thinking and meta-cognitive skills to things like tabletop exercises and security awareness training.
Key Takeaways:
Embrace Cognitive Agility: The world is too complex for a one-size-fits-all approach. Learn when to adapt and think critically in the face of unexpected situations.
Awareness does not equal change in behaviour: One size doesn't fit all, and quantitative is usually valued over qualitative, which needs to change.
Leverage Divergent and Convergent Thinking: Don't just train for specific scenarios. Develop the flexibility to both explore diverse solutions and converge on the best course of action when the time comes.
Build Diverse Teams: Groupthink can be your worst enemy in a crisis. Foster diverse perspectives within your team to avoid this critical blindspot.
Make Reflective Learning a Priority: Learn from every experience, good or bad. Debrief after incidents and ask: What went well? What didn't? How can we improve?
Focus on Impact Skills, Not Just Technical Knowledge: Decision-making, communication, and collaboration are the foundational skills needed to navigate complex cyber threats.
Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.
Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.
It really helps us spread the word and get high-quality guests, on future episodes.
We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’
Keywords: cybersecurity, training, incident response, crisis management, soft skills, impact skills, cognitive agility, reflective learning, diverse teams, behavioural change, measurement, human element
Show Notes
Christian Hunt’s episode - Compromising Positions
Kirkpatrick Model - Mind Tools
Copywrite movies. Privacy is a Crime Video
The software Lianne used on her tabletop exercise to get anonymous responses: Mentimeter and Slido
About Bec McKeown
Bec McKeown CPsychol is the Founder and Director of Mind Science, an independent organisation that works with cyber security professionals. She helps businesses to advance the human aspect of system resilience, so a collaborative culture of innovative thinking and an agile threat response becomes the norm.
As a Chartered Psychologist with extensive experience of carrying out applied research for organisations including the UK Ministry of Defence, Bec has gained a unique perspective on the ways humans react in times of crisis. She works at both operational and strategic levels, with a focus on situational awareness, decision-making and problem-solving in complex environments.
LINKS FOR Bec McKeown
Bec’s LinkedIn