Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    [Security Masterminds] Beyond the Technical: Cultivating Empathy in Cybersecurity

    Beyond the TechnicalCybersecurity exists to protect people and their information. In our recent discussion on Security Masterminds, Julie provided unique insights on putting people at the center of cybersecurity.

    As Julie Haney, leader of the Human Centered Cybersecurity program at the National Institute of Standards and Technology (NIST), discusses, we need to shift our mindset to recognize that cybersecurity is ultimately meant to serve humans – both experts and regular users. Cybersecurity only exists because of humans, because of people, Haney explains. People built the technology and the services we are trying to protect. Cybersecurity is for the use and benefit of people. It is there to protect us and our information. 

    One common stigma within the IT and cybersecurity field is viewing users as the problem or the weakest link that threatens otherwise strong protections. While it is a pet peeve, it is something we work to change within the organization's security culture. Having worked with some very sharp, technical people for many years, I heard many things like, "Oh, if we could just eliminate people from the problem, then everything would be secure..." Haney recalls.

    But this perspective is misguided. We need to recognize that cybersecurity exists to serve humans – both security experts and regular users. So, how can we shift to a more people-centric mindset?

    Recognizing Cybersecurity as a Human-Centered Pursuit

    First, Haney advises becoming more self-reflective as a cybersecurity community. When issues arise, we should ask why and examine the root causes – often some combination of technology, policies, and people's struggles. 

    Security protections can fail not because users are unaware or make mistakes but because experts have unrealistic expectations or need to equip people with the context to make informed decisions. Rather than eliminating the human element, we must view users as partners in security. 

    Cultivating Empathy and Understanding

    Practicing empathy, listening, and relationship building are critical to this partnership. Security experts should strive to understand users' perspectives instead of quickly judging apparent errors or apathy toward threats.

    Haney suggests an attitude shift away from an us versus them antagonism between security teams and users. Both sides can feel frustration, but empathy and two-way communication prevent divisiveness.

    Reducing Fatigue Through Usability and Support

    Organizations can also reduce employee security fatigue by improving usability, minimizing disruption, enhancing communication in plain language, and positively reinforcing security behaviors. 

    Rather than being tacked on as an afterthought, secure coding, and testing should be conducted throughout the design process and supported by security tools and policies. It can ensure protections align with user needs instead of disrupting workflows. Likewise, clear communication avoids assumptions about existing knowledge.

    Positive reinforcement builds inclusion and effectiveness. Simple gestures like a thank you or an email to the user's manager and contests for best phish reported can make employees feel valued as security partners rather than being shamed or policed by the security team.

    Developing Holistic Skill Sets

    Finally, more than technical skills are required. Cybersecurity professionals need communication abilities, business acumen, and interpersonal skills to relate security priorities to the organization.

    Computer science curricula focus heavily on technical expertise. But professionals must also persuade diverse stakeholders, tailor messaging, and forge collaborations through listening and relationship building.

    By putting humans at the center of cybersecurity – understanding their needs, challenges, and gifts – we can create more effective protections and an environment of collaboration rather than friction.

    Check out the episode with Julie Haney on Security Masterminds to learn more about empathy, securing our organizations with a human-centered focus, and reducing security fatigue among users.

    Listen Here

    Want to cut & paste the link in your own browser?: https://www.buzzsprout.com/1892704/14213575

     

    Return To KnowBe4 Security Blog

    Topics: KnowBe4, Security Masterminds Podcast

    James McQuiggan

    ABOUT JAMES MCQUIGGAN

    James McQuiggan has over 20 years of experience in cybersecurity. He is currently a Security Awareness Advocate for KnowBe4, where he is responsible for amplifying the organization’s messaging related to the importance of, effectiveness of and the need for new-school security awareness training within organizations through social media, webinars, in-person presentations, industry trade shows and traditional media outlets.

    Prior to joining KnowBe4, McQuiggan worked at Siemens where he held various cybersecurity roles, including consulting and supporting various corporate divisions on cybersecurity standards, information security awareness and securing product networks. McQuiggan is a part-time faculty professor at Valencia College in the Engineering, Computer Programming and Technology division. He also volunteers for several initiatives through ISC2, including president of the ISC2 Central Florida Chapter, a member of the North American Region Advisory Council and a member of the Board of Trustees for the Center for Cyber Safety and Education.

    Read more from James »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews