[Security Masterminds] Beyond the Technical: Cultivating Empathy in Cybersecurity

Beyond the TechnicalCybersecurity exists to protect people and their information. In our recent discussion on Security Masterminds, Julie provided unique insights on putting people at the center of cybersecurity.

As Julie Haney, leader of the Human Centered Cybersecurity program at the National Institute of Standards and Technology (NIST), discusses, we need to shift our mindset to recognize that cybersecurity is ultimately meant to serve humans – both experts and regular users. Cybersecurity only exists because of humans, because of people, Haney explains. People built the technology and the services we are trying to protect. Cybersecurity is for the use and benefit of people. It is there to protect us and our information. 

One common stigma within the IT and cybersecurity field is viewing users as the problem or the weakest link that threatens otherwise strong protections. While it is a pet peeve, it is something we work to change within the organization's security culture. Having worked with some very sharp, technical people for many years, I heard many things like, "Oh, if we could just eliminate people from the problem, then everything would be secure..." Haney recalls.

But this perspective is misguided. We need to recognize that cybersecurity exists to serve humans – both security experts and regular users. So, how can we shift to a more people-centric mindset?

Recognizing Cybersecurity as a Human-Centered Pursuit

First, Haney advises becoming more self-reflective as a cybersecurity community. When issues arise, we should ask why and examine the root causes – often some combination of technology, policies, and people's struggles. 

Security protections can fail not because users are unaware or make mistakes but because experts have unrealistic expectations or need to equip people with the context to make informed decisions. Rather than eliminating the human element, we must view users as partners in security. 

Cultivating Empathy and Understanding

Practicing empathy, listening, and relationship building are critical to this partnership. Security experts should strive to understand users' perspectives instead of quickly judging apparent errors or apathy toward threats.

Haney suggests an attitude shift away from an us versus them antagonism between security teams and users. Both sides can feel frustration, but empathy and two-way communication prevent divisiveness.

Reducing Fatigue Through Usability and Support

Organizations can also reduce employee security fatigue by improving usability, minimizing disruption, enhancing communication in plain language, and positively reinforcing security behaviors. 

Rather than being tacked on as an afterthought, secure coding, and testing should be conducted throughout the design process and supported by security tools and policies. It can ensure protections align with user needs instead of disrupting workflows. Likewise, clear communication avoids assumptions about existing knowledge.

Positive reinforcement builds inclusion and effectiveness. Simple gestures like a thank you or an email to the user's manager and contests for best phish reported can make employees feel valued as security partners rather than being shamed or policed by the security team.

Developing Holistic Skill Sets

Finally, more than technical skills are required. Cybersecurity professionals need communication abilities, business acumen, and interpersonal skills to relate security priorities to the organization.

Computer science curricula focus heavily on technical expertise. But professionals must also persuade diverse stakeholders, tailor messaging, and forge collaborations through listening and relationship building.

By putting humans at the center of cybersecurity – understanding their needs, challenges, and gifts – we can create more effective protections and an environment of collaboration rather than friction.

Check out the episode with Julie Haney on Security Masterminds to learn more about empathy, securing our organizations with a human-centered focus, and reducing security fatigue among users.

Listen Here

Want to cut & paste the link in your own browser?: https://www.buzzsprout.com/1892704/14213575

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews