Welcome to the third part of our AI mini-series.

In this episode, Jeff and Lianne discuss how AI is transforming the world of cybersecurity, and what you need to know to stay ahead of the curve.

They share their personal experiences with using AI tools, such as the custom GPT suite and the tool they are creating, Security Sage, to enhance their security practices and workflows.

They also explore the challenges and risks that AI poses to cybersecurity, such as phishing, vishing, OSINT, data leaks, and model inversion attacks.

They offer some practical advice on how to use AI safely and responsibly, and how to leverage it to become a better cybersecurity professional.

In this Episode we cover:

How AI is democratizing and disrupting the field of cybersecurity

How to use prompt engineering to get the best out of AI models

How to protect yourself and your organization from AI-enabled cyberattacks

How to use AI to improve your cybersecurity function and become an ally and enabler for your business

How to keep up with the latest developments and trends in AI and cybersecurity

No episode this week!

We’re back to finish off our AI mini-series on the 4th January where your hosts, Jeff Watkins and Lianne Potter discuss how they utilise AI in their work as cybersecurity and tech specialists, their own hints and tips on how to get the best out of the tool, and their predictions for AI usage within the security field in 2024.

If you’re missing your Compromising positions fix, why not visit our back catalogue of 13 fantastic episodes, or watch our festival special, The 12 Days of Breachmas for short, bursts of sweet cybersecurity content!

Links in the show notes and see you next Thursday!

As we’ve been talking to our guests this year, the topic of AI and chatgpt came up several times and It quickly became apparent that their insights deserved a standalone episode. So we’ve been snipping them out of the main episodes to bring you, in the tradition of a season-based show, a lovely clip show! You’ll hear some familiar voices from season 1 and a few that will be joining us next year for future seasons.

Enjoy five hot takes on AI from five very interesting people!

In this Episode we cover:

• In a knowledge economy, is it ethically right to pass off LLMs output as our own?

• Should we ban our employees from using tools like ChatGPT because of cybersecurity concerns?

• AI is only as good as the data is built upon - so not very good according to data analysts worried about bias!

• Will AI replace customer service reps?

• And what companies are putting AI on the risk register?

This week we are joined by Helena Hill, a seasoned UX Strategist and Consultant and AI expert with a wealth of experience spanning diverse clients, from pre-start-ups to global industry giants.

Last week Helena taught us how we in the cybersecurity team can effectively use the User experience team, and its principles to improve our security controls and create a better journey. If you’ve not listened to that episode yet, do check it out. 

This episode we’re asking Helena about her other expertise in AI and how cybersecurity teams can use tools like ChatGPT to make our lives easier

We’ll touch upon cybersecurity concerns around AI, but mostly this will be a practical episode on how to get the most out of these exciting tools.

In this Episode we cover:

• How to use LLMs to enhance the customer experience

• The Ethics of AI and Chatbots

• Malicious uses of GPTs Like FraudGPT

• How to quality check you LLM creations

• The Dangers of third-party GPT plugins

• How to create better prompts and thus get better outputs

• And how to use AI to improve efficiencies in your cybersecurity team and create better security awareness content

This week we are joined by Helena Hill, a seasoned UX Strategist and Consultant and AI expert with a wealth of experience spanning diverse clients, from pre-start-ups to global industry giants.

In this episode, we explore the fascinating topic of UX and cybersecurity.

We’re going to learn from the UX function to see how we can create a better user experience for people on their security journey, learn how to get buy-in from the business about implementing controls such as MFA, and how to ‘sell’ our security value offering as a positive user experience.

And of course, crucially, how to take those first few steps to engage with the UX team!

This is the first of our two part conversation with Helena, next week we will be talking about her other specialism in AI, which kicks off our Christmas miniseries on AI

This week our guest is Melina Palmer, a renowned keynote speaker in behavioural economics and the CEO of The Brainy Business, as well as hosting one of the best podcasts on the subject of the practical application of behavioural economics.

In this episode, we're going to discuss the art of influencing both up and down, and how to tailor your cybersecurity message to different audiences.

Melina teaches us that it's not about the cookie - that is, it's not just about the product or cybersecurity awareness and controls themselves, but it's about how we frame information and communicate change.

With her expertise in behavioural economics, Melina shows us how to make change easier, reduce decision fatigue, and increase social capital through understanding and compromise.

If you're interested in understanding the behavioural science behind cybersecurity and how we can communicate more effectively, then you're in the right place.

This week our guest is Melina Palmer, a renowned keynote speaker in behavioural economics and the CEO of The Brainy Business, as well as hosting one of the best podcasts on the subject of the practical application of behavioural economics.

In this episode, we discuss how silos and tribal mentalities occur in the workplace due to confirmation bias and how we can expand the circle of empathy to create a more cohesive team.

We'll also delve into the issue of time discounting, availability bias and optimism bias to understand why people are drawn to the easy option in the moment.

We shall explore how the cybersecurity team's curse of knowledge can be a barrier to effective communication, and the need to create easier-to-digest content that enables 'buy-in.'

If you're interested in understanding the behavioural science behind cybersecurity and how we can communicate more effectively, then you're in the right place.

This week our guest is Ray Blake. Ray is an advisor on financial crime matters and co-creator of the Dark Money Files podcast. In this episode, we explore the motivations driving individuals to commit such crimes, probing whether it's sheer greed, the allure of victimless crimes, or a complex mix of factors.

We discuss how the lack of direct interaction with victims and the personal rationalizations criminals make facilitate the perpetuation of these crimes. We also talk about the concept of corporate values and how they may not always align with individual morals, leading to a disconnect that can be exploited.

Furthermore, we look at the responsibility and moral hazard inherent in the fight against fraud, highlighting how cybersecurity often wrongfully blames the victim rather than focusing on the perpetrator.

A word of warning listeners, we do discuss the darker side of crime, including human trafficking which some of our listeners may find upsetting. If this isn’t for you, feel free to skip this one and we’ll see you next week.

This week we have a very special guest, Reema Vadoliya. Reema is the passionate business founder of data consultancy, People of Data, a gifted storyteller, and a professional problem-solver.

In this episode, Reema shares her insights on how to collaborate more effectively between cybersecurity and data professionals. She emphasizes the importance of empathetic communication, how sometimes quantifying risks is about gut feeling, not just metrics…

We look at how we can use data-driven storytelling to engage and educate people about cybersecurity, including how to make our phishing simulation stats not only more interesting to non-cybersecurity people but also how to make it actually drive meaningful behavioural changes.

Welcome to part two of our enlightening discussion with Matt Ballentine, Engagement Manager at Equal Experts.

In this episode, Lianne Potter and Jeff Watkins continue this conversation and dive deeper into the nuances of modern-day communication and work dynamics. Do we need to set new etiquette for engaging in conversations? How do we establish norms when our work environment is evolving?

Matt also shares insights on the importance of security in our workflow, the power of networking and the need for effective communication and some unconventional wisdom including our favourite thought experiment ever… what would Dolly Parton do?

Establishing New Norms for Work: Top Tips

1. Build Rapport: To establish new norms for work, you need to know who you need to influence and build rapport with them. Think about the language you use, ask for conversation, and set up a coffee club to create a comfortable environment.

2. Embrace Discomfort: Getting comfortable with discomfort is essential to establish new norms for work. Use metaphors to help address problems and think about what Dolly Parton would do to enable better ideas.

3. Be Inclusive: When off-shoring and outsourcing teams, think of the team as a whole. Be conscious of time zones and make people who are not in the room active participants.

4. Prioritise Communication: Establishing new norms for work requires prioritising communication. If it doesn't get prioritised, it doesn't happen. Avoid firefighting and focus on drills, learning, talking, and listening to create a comfortable and productive work environment.

This Episode we are joined by Matt Ballentine, an Engagement Manager at Equal Experts.

We do a deep dive into workplace culture and user-needs-centric cybersecurity.

Matt believes that the essence of modern leadership isn't just about supervision, but about becoming a nexus between people and ideas.

From the transformative shift of T-shaped managers to the pivotal role of psychological safety, we'll journey through the strategies leaders need to adopt to thrive in today's interconnected age.

Get ready to challenge your understanding of work, play, and the art of connection in this two-part episode.

See you next time, keep secure, and don’t forget to ask yourself, ‘Am I a compromising position here?’

In this episode, our guest Josh Nesbitt, CTO of Glean a Leeds EdTech startup, shares his insights on securing the data of vulnerable people, the importance of accessibility and compliance in production-ready products, and the challenges of achieving usability, functionality, and security in concert. 

Join us as we debunk common misconceptions around agile and explore how security teams can be more creative in their approach. We’ll talk about how to use tooling and engagement to get engineers and security teams on the same page and figure out if security champions are really working in our organisations. 

Today, we've got a super interesting interview with Christian Hunt, the founder of Human Risk. He's a Behavioral Science expert and author of the book 'Humanizing Rules', which explores how we can use Behavioral Science to improve compliance and ethics.

Today, we've got a super interesting interview with Christian Hunt, the founder of Human Risk. He's a Behavioural Science expert and author of the book 'Humanizing Rules', which explores how we can use Behavioural Science to improve compliance and ethics.

Our first episode and also Live!

Introducing Compromising Positions!