EPISODE 15: SHIFT HAPPENS: The ART OF NAVIGATING THE SEAS OF CYBER CHANGE
Today we are joined by Paula Cizek, Chief Research Officer at Nobl, where she guides leaders and teams through the change management process, from assessing the organization’s readiness for change to implementing initiatives. In this episode, we explore the fascinating topic of Corporate Change and how its lessons can be applied to cybersecurity.
In the vast ocean of the corporate world, change is as constant as the tides. It can be exhilarating for some and daunting for others. As leaders, we often stand at the helm, eager to navigate new courses. Yet, we must remember, that not all aboard share the same vision or enthusiasm for these uncharted waters.
Why is it scary for many? How do leaders balance the excitement of innovation with the practicalities and emotions of their teams? We’ll explore the dichotomy of change - the loss and the gain, the risk and the reward.
We'll unpack the layers of change management, from the first ripples of a new idea within the executive team to the waves it creates throughout an organization. How do we bring everyone on deck, giving them the time to adjust their sails and embrace the journey?
We'll also navigate the treacherous waters of resistance. Not every objection is an excuse, and sometimes, they signal hidden icebergs. How do we, as leaders, distinguish between the two?
So, tighten your lifejackets and get ready to dive into the deep end of transformation. In this episode “Shift Happens: The Art of Navigating the Seas of Cyber Change”.
—————————————————————————————————
In this Episode we cover:
Why there’s such a gap between the exec team and boots on the ground when it comes to accepting and being excited by change
The difference between “Fail Safe” and “Safe to Fail” changes and projects
Why we should Start with the Skateboard
That not every objection to change is an excuse
How to communicate change effectively
Being comfortable with being uncomfortable when it comes to negotiation
Why Risk and Uncertainty are different beasts
EPISODE 14: HACK THE NEURAL NETWORK - AI and CYBERSECURITY
Welcome to the third part of our AI mini-series.
In this episode, Jeff and Lianne discuss how AI is transforming the world of cybersecurity, and what you need to know to stay ahead of the curve.
They share their personal experiences with using AI tools, such as the custom GPT suite and the tool they are creating, Security Sage, to enhance their security practices and workflows.
They also explore the challenges and risks that AI poses to cybersecurity, such as phishing, vishing, OSINT, data leaks, and model inversion attacks.
They offer some practical advice on how to use AI safely and responsibly, and how to leverage it to become a better cybersecurity professional.
In this Episode we cover:
How AI is democratizing and disrupting the field of cybersecurity
How to use prompt engineering to get the best out of AI models
How to protect yourself and your organization from AI-enabled cyberattacks
How to use AI to improve your cybersecurity function and become an ally and enabler for your business
How to keep up with the latest developments and trends in AI and cybersecurity
BACK SOON
No episode this week!
We’re back to finish off our AI mini-series on the 4th January where your hosts, Jeff Watkins and Lianne Potter discuss how they utilise AI in their work as cybersecurity and tech specialists, their own hints and tips on how to get the best out of the tool, and their predictions for AI usage within the security field in 2024.
If you’re missing your Compromising positions fix, why not visit our back catalogue of 13 fantastic episodes, or watch our festival special, The 12 Days of Breachmas for short, bursts of sweet cybersecurity content!
Links in the show notes and see you next Thursday!
EPISODE 13: 5 HOT TAKES ON AI
As we’ve been talking to our guests this year, the topic of AI and chatgpt came up several times and It quickly became apparent that their insights deserved a standalone episode. So we’ve been snipping them out of the main episodes to bring you, in the tradition of a season-based show, a lovely clip show! You’ll hear some familiar voices from season 1 and a few that will be joining us next year for future seasons.
Enjoy five hot takes on AI from five very interesting people!
In this Episode we cover:
In a knowledge economy, is it ethically right to pass off LLMs output as our own?
Should we ban our employees from using tools like ChatGPT because of cybersecurity concerns?
AI is only as good as the data is built upon - so not very good according to data analysts worried about bias!
Will AI replace customer service reps?
And what companies are putting AI on the risk register?
EPISODE 12: How to Use ChatGPT and AI to Level UP Your Cybersecurity function
This week we are joined by Helena Hill, a seasoned UX Strategist and Consultant and AI expert with a wealth of experience spanning diverse clients, from pre-start-ups to global industry giants.
Last week Helena taught us how we in the cybersecurity team can effectively use the User experience team, and its principles to improve our security controls and create a better journey. If you’ve not listened to that episode yet, do check it out.
This episode we’re asking Helena about her other expertise in AI and how cybersecurity teams can use tools like ChatGPT to make our lives easier
We’ll touch upon cybersecurity concerns around AI, but mostly this will be a practical episode on how to get the most out of these exciting tools.
In this Episode we cover:
How to use LLMs to enhance the customer experience
The Ethics of AI and Chatbots
Malicious uses of GPTs Like FraudGPT
How to quality check you LLM creations
The Dangers of third-party GPT plugins
How to create better prompts and thus get better outputs
And how to use AI to improve efficiencies in your cybersecurity team and create better security awareness content
EPISODE 11: Are You User Experienced? Applying The Principles of UX & UR To The Cybersecurity Journey
This week we are joined by Helena Hill, a seasoned UX Strategist and Consultant and AI expert with a wealth of experience spanning diverse clients, from pre-start-ups to global industry giants.
In this episode, we explore the fascinating topic of UX and cybersecurity.
We’re going to learn from the UX function to see how we can create a better user experience for people on their security journey, learn how to get buy-in from the business about implementing controls such as MFA, and how to ‘sell’ our security value offering as a positive user experience.
And of course, crucially, how to take those first few steps to engage with the UX team!
This is the first of our two part conversation with Helena, next week we will be talking about her other specialism in AI, which kicks off our Christmas miniseries on AI
EPISODE 10: It’s Not about the Cookie : THE POWER OF FRAMING INTERACTIONS
This week our guest is Melina Palmer, a renowned keynote speaker in behavioural economics and the CEO of The Brainy Business, as well as hosting one of the best podcasts on the subject of the practical application of behavioural economics.
In this episode, we're going to discuss the art of influencing both up and down, and how to tailor your cybersecurity message to different audiences.
Melina teaches us that it's not about the cookie - that is, it's not just about the product or cybersecurity awareness and controls themselves, but it's about how we frame information and communicate change.
With her expertise in behavioural economics, Melina shows us how to make change easier, reduce decision fatigue, and increase social capital through understanding and compromise.
If you're interested in understanding the behavioural science behind cybersecurity and how we can communicate more effectively, then you're in the right place.
EPISODE 9: What the Cybersecurity Team Wants and Can’t Tell You (Because they Need More Behavioural Science)
This week our guest is Melina Palmer, a renowned keynote speaker in behavioural economics and the CEO of The Brainy Business, as well as hosting one of the best podcasts on the subject of the practical application of behavioural economics.
In this episode, we discuss how silos and tribal mentalities occur in the workplace due to confirmation bias and how we can expand the circle of empathy to create a more cohesive team.
We'll also delve into the issue of time discounting, availability bias and optimism bias to understand why people are drawn to the easy option in the moment.
We shall explore how the cybersecurity team's curse of knowledge can be a barrier to effective communication, and the need to create easier-to-digest content that enables 'buy-in.'
If you're interested in understanding the behavioural science behind cybersecurity and how we can communicate more effectively, then you're in the right place.
EPISODE 8: CYBERCRIME - THE GREATEST HEIST IN HUMAN HISTORY
This week our guest is Ray Blake. Ray is an advisor on financial crime matters and co-creator of the Dark Money Files podcast. In this episode, we explore the motivations driving individuals to commit such crimes, probing whether it's sheer greed, the allure of victimless crimes, or a complex mix of factors.
We discuss how the lack of direct interaction with victims and the personal rationalizations criminals make facilitate the perpetuation of these crimes. We also talk about the concept of corporate values and how they may not always align with individual morals, leading to a disconnect that can be exploited.
Furthermore, we look at the responsibility and moral hazard inherent in the fight against fraud, highlighting how cybersecurity often wrongfully blames the victim rather than focusing on the perpetrator.
A word of warning listeners, we do discuss the darker side of crime, including human trafficking which some of our listeners may find upsetting. If this isn’t for you, feel free to skip this one and we’ll see you next week.
EPISODE 7: If Data is the new oil, how do we prevent data spills?
This week we have a very special guest, Reema Vadoliya. Reema is the passionate business founder of data consultancy, People of Data, a gifted storyteller, and a professional problem-solver.
In this episode, Reema shares her insights on how to collaborate more effectively between cybersecurity and data professionals. She emphasizes the importance of empathetic communication, how sometimes quantifying risks is about gut feeling, not just metrics…
We look at how we can use data-driven storytelling to engage and educate people about cybersecurity, including how to make our phishing simulation stats not only more interesting to non-cybersecurity people but also how to make it actually drive meaningful behavioural changes.
EPISODE 6: What Would Dolly Parton Do?
Welcome to part two of our enlightening discussion with Matt Ballentine, Engagement Manager at Equal Experts.
In this episode, Lianne Potter and Jeff Watkins continue this conversation and dive deeper into the nuances of modern-day communication and work dynamics. Do we need to set new etiquette for engaging in conversations? How do we establish norms when our work environment is evolving?
Matt also shares insights on the importance of security in our workflow, the power of networking and the need for effective communication and some unconventional wisdom including our favourite thought experiment ever… what would Dolly Parton do?
Establishing New Norms for Work: Top Tips
1. Build Rapport: To establish new norms for work, you need to know who you need to influence and build rapport with them. Think about the language you use, ask for conversation, and set up a coffee club to create a comfortable environment.
2. Embrace Discomfort: Getting comfortable with discomfort is essential to establish new norms for work. Use metaphors to help address problems and think about what Dolly Parton would do to enable better ideas.
3. Be Inclusive: When off-shoring and outsourcing teams, think of the team as a whole. Be conscious of time zones and make people who are not in the room active participants.
4. Prioritise Communication: Establishing new norms for work requires prioritising communication. If it doesn't get prioritised, it doesn't happen. Avoid firefighting and focus on drills, learning, talking, and listening to create a comfortable and productive work environment.
EPISODE 5: WAR (Metaphor), What is it good for? ABSOLUTELY NOTHING!
This Episode we are joined by Matt Ballentine, an Engagement Manager at Equal Experts.
We do a deep dive into workplace culture and user-needs-centric cybersecurity.
Matt believes that the essence of modern leadership isn't just about supervision, but about becoming a nexus between people and ideas.
From the transformative shift of T-shaped managers to the pivotal role of psychological safety, we'll journey through the strategies leaders need to adopt to thrive in today's interconnected age.
Get ready to challenge your understanding of work, play, and the art of connection in this two-part episode.
See you next time, keep secure, and don’t forget to ask yourself, ‘Am I a compromising position here?’
Episode 4 : CODE RED - Empowering engineers to secure our ci/cd pipelines
In this episode, our guest Josh Nesbitt, CTO of Glean a Leeds EdTech startup, shares his insights on securing the data of vulnerable people, the importance of accessibility and compliance in production-ready products, and the challenges of achieving usability, functionality, and security in concert.
Join us as we debunk common misconceptions around agile and explore how security teams can be more creative in their approach. We’ll talk about how to use tooling and engagement to get engineers and security teams on the same page and figure out if security champions are really working in our organisations.
EPISODE 3: I’M ONLY H.U.M.A.N.(S)
Today, we've got a super interesting interview with Christian Hunt, the founder of Human Risk. He's a Behavioral Science expert and author of the book 'Humanizing Rules', which explores how we can use Behavioral Science to improve compliance and ethics.
EPISODE 2: THE HUMAN OS - WHY WE CAN’T JUST CTRL + ALT + DELETE OUR COMPLIANCE PROBLEMS
Today, we've got a super interesting interview with Christian Hunt, the founder of Human Risk. He's a Behavioural Science expert and author of the book 'Humanizing Rules', which explores how we can use Behavioural Science to improve compliance and ethics.
EPISODE 1: Row, Row, Row Your Boat, Down The Value Stream…Merrily, Merrily, Merrily, that’s the SEcurity Dream!
Our first episode and also Live!