Cybersecurity podcast series on the human factor, discussing why we need to focus on people - not just machines and data - to stop breaches and empower employees. Tim Sadler, CEO of Tessian meets with business, IT and security leaders to flip the script on cybersecurity and share best practices, cybersecurity challenges, threat intel and more.
As the lead security advocate for KnowBe4, Javvad has had a cyber security career spanning over 20 years. A blogger, event speaker and industry commentator, Javvad is best known as one of the industry's most prolific video bloggers. Javvad describes how he has observed cybersecurity attacks evolve and converge over time from his personal perspective. Tim and Javvad also talk about the human element of cybersecurity training, technological limits, and how the two interact. Javvad discusses his strong opinions on how businesses can create robust programs against sophisticated cyberattacks. Love what you hear? You can subscribe to the Tessian newsletter to stay up to date with all new episodes and developments in cybersecurity.
We're back for another season and we're delighted to welcome Itumeleng Makgati, Group Information Security Executive at Standard Bank Group, a leading bank in South Africa. With over two decades of experience in security and business consulting, Itumeleng is a leading voice in the security space, and has appeared on a number of top 100 CISO lists. She joins Tim Sadler, CEO and co-founder of Tessian, to discuss how security leaders can align their cybersecurity strategies with the goals of the business, as well as how to balance cybersecurity with a frictionless client experience - particularly in the world of banking. Itumeleng also shares her tips on building a scalable yet sustainable security culture that works for hybrid teams. A must listen for all security leaders. And if you want to learn more about how to balance security and customer experience, you can sign up to the Tessian newsletter to stay up to date.
This week, Ted Harrington, ethical hacker, entrepreneur, security consultant and author of the bestselling book, “Hackable”, joins us on the show. Ted and his team have helped hundreds of companies – including the likes of Google, Disney, Amazon, Netflix, and Qualcomm – discover and fix thousands of security vulnerabilities. He shares his learnings, explains why it's so important to 'think like an attacker' and provides tips on how security teams can do just that. Adopting a hacker mindset, he says, is critical to safeguarding your organization in today's threat landscape.
This week Tim Sadler welcomes Craig Goodwin, the co-founder of Cyvatar - the industry's first member-based cybersecurity as-a-service provider. As the former CISO and Chief Trust & Risk Officer at Fujitsu, and former Global Chief Security Officer at CDK Global, Craig has first-hand experience of the pressures senior security leaders - and their teams - face on a day-to-day basis. He explains how these experiences have led him to create solutions to help leaders tackle the constant firefighting and how his former roles have helped him build empathy with his customers. Tim and Craig also discuss the role of the media in reporting trending security topics - like ransomware - and how this affects security strategies. On this topic, Craig shares his views on how these trends will continue to evolve and what security leaders can do to prepare themselves.
Helen Patton, Advisory CISO at Cisco joins Tessian's Tim Sadler on the podcast this week to discuss the role of the CISO - now and in the years to come. She urges security leaders to remember that they “don't operate in a vacuum” and provides tips on how security leaders can shift their mindsets to think 'big' and work cross-functionally. Helen also shares her views on the much-discussed topic of security getting a seat at the table with the board of directors. Tune in to hear her advice and, also, her take on how the role of the CISO will evolve in the next 5-10 years. Learn what you, as a security leader or practitioner, could be doing now to set yourself up for success in the future.
This week, Tim meets with Lola Obamehinti, founder of Nigerian Techie. With significant experience in developing and leading security and awareness programs at companies including eBay and TIAA, Lola explains why security awareness training is more important than ever. She provides top tips on how to get employees engaged in training and how to get buy-in from execs to make security awareness training as successful as possible. Tim and Lola also discuss diversity in tech, with Lola sharing her views on how to increase inclusivity and diversity in the industry.
How does Business Email Compromise work? Who is behind the attacks? And how do you get the money back? In this episode, Tim Sadler is joined by Andrew Frey, a Forensic Financial Analyst for the San Francisco Field Office of the U.S. Secret Service, working in the Cyber Fraud Task Force. As one of the most knowledgeable people in the US government on the threat of Business Email Compromise, Andrew works directly with companies and individuals to gather intelligence on cybercriminals behind these attacks and helps recover lost funds when wire fraud has occurred. He shares stories of attacks he's investigated and explains what businesses need to do should they fall victim to BEC attacks. You can also visit the Secret Service website at https://www.secretservice.gov/ to find out more information.
This week, Tessian CEO Tim Sadler welcomes Mike Privette who, by day, is the CISO at Passport - a transportation software and payments company that helps cities manage parking and mobility infrastructure. And by night and weekends, Mike is a venture capital advisor, investor and author of the Security, Funded newsletter. Mike's in a unique position; he is a CISO and also advises the security companies that create products for security leaders. He explains what's going to get his attention and provides advice to his peers on how to go about choosing the right cybersecurity vendor and how to get good at the boring parts of cybersecurity. Mike also shares his perspective on why the cybersecurity market is attracting so much investment right now.
This week, we are talking about getting hacked, as Tim Sadler is joined by Scott Schober, cybersecurity expert and CEO of wireless security tech firm, BVS. When Scott's small business got hacked for the second time, he knew he had to share his experience with other business owners to help them understand the threat landscape they are operating in. On the show, he talks openly about how his corporate checking account was hacked, the motives behind hacks, and the shady art of social engineering, whereby cybercriminals trawl through social media to find information about their targets. And he provides advice to other businesses on how to protect themselves and how to recover when something goes wrong. If you'd like a copy of Scott's book, you can get one here.
Tim's guest this week is Joe Nocera, the Cyber & Privacy Innovation Institute Leader at PwC. With a passion for understanding the technical challenges of cybersecurity and translating these into practical business solutions, Joe joins Tim to discuss the biggest challenges companies are coming to him to solve. They talk about why human error is the leading cause of data breaches today and how to overcome the problem, starting with a new approach to security training, being empathetic to people's situations and addressing burnout in the organization. A terrific interview for business and security leaders looking to build a robust people-centric security strategy in 2022.
New year, new guests. And Tim's first guest of 2022 is the inspiring and brilliant Guy Podjarny, the co-founder and president of Snyk - the world's first developer security platform that start-ups worldwide can build upon. Tim and Guy talk about what is driving the industry's shift to a new developer-centric approach to security and the business value in doing so. They also discuss what it means to be developer-friendly and Guy offers advice in the wake of the log4j vulnerability. If you enjoy the episode, please leave a comment or review and you can also listen to more insights from Guy on his podcast: The Secure Developer.
This week, Tessian's Tim Sadler is joined by Dave Cole, CEO and co-founder of Open Raven - a company whose mission is to reinvent data security for a modern era and put an end to data exposure. A well-known figure in the security industry, Dave has previously worked as the Chief Product Officer at Tenable Network Security, CrowdStrike and he also held multiple senior positions at Symantec. Tim and Dave discuss why data security needs reinventing, how the rise of ransomware has changed security teams' attitudes to data protection, and also what makes a good security product. And if you want more Human Layer Security insights, you can sign up to the Tessian newsletter and stay up to date.
This week, Tessian's Tim Sadler is joined by Leo Cunningham, CISO at Flo Health - one of the world's most used women's health apps on the market right now, with 200 million users across the world. They discuss how he and his team secure the sensitive data of millions of people who use the Flo Health app and also how the team educates the growing number of employees employed by the start-up. He shares his top tips for security leaders in a similar position. Tim and Leo also discuss CISO burnout. Did you know that 2 in 5 CISOs have missed a holiday like Thanksgiving or Christmas because of work demands? They discuss why this is the case and what can be done to overcome it. You can check out the report by visiting https://bit.ly/ciso-research And if you want more Human Layer Security insights, you can sign up to the Tessian newsletter and stay up to date.
Did you know that nearly two-thirds of security leaders believe that employees will cause their next data breach? Two-thirds. That's pretty high. This is something that Jessica Burn, a senior analyst at Forrester, wants to discuss on this episode of the RE: Human Layer Security podcast. With Tim away this week, she meets with Tessian's Henry Trevelyan Thomas to discuss why so many security leaders think this, and how they can overcome these fears by addressing the following questions - how well do you know the 'humans' behind your employees? Do you know how they work and where the most vulnerable moments in their daily lives lie? After listening to this episode, you'll walk away with tips on how you can improve your human-centric approach to security. And if you want to read the report Jess refers to in this episode, visit https://bit.ly/forrester-tessian to download.
This week, Tim is joined by Jon Oberheide, the co-founder and Chief Technology Officer of Duo Security - one of the most successful security start-ups the world has seen. Its mission was clear; democratize security by making it easy and effective. Since founding the company in 2009, the concept of zero trust becoming a market-recognized category was considered a ridiculous moonshot - but today, it's broadly recognized as the way to build an effective security program. Jon shares views on how and why this has happened and why he's so proud that Duo is leading the charge. A few days before this interview, Jon announced his departure from Duo and Tim was keen to look back over his journey at the company, hear his top learnings around building a security start-up, and find out what's in store for the future.
This week, Tim welcomes Josh Yavor, Tessian's Chief Information Security Officer and former security leader for Duo Security, Facebook and Cisco Secure. He shares why he believes the human factor is so important in cybersecurity, particularly when you consider the variety of attacks that people are faced with today - like social engineering and business email compromise. Josh explains how security leaders can - and should - empower and entrust users if they are going to overcome these major challenges, using real-world examples from his own experiences. A must-listen! And here's a link to the report that Josh refers to. If you want more Human Layer Security insights, you can sign up to the Tessian newsletter and stay up to date.
Did you know that organizations with a poor security culture demonstrate a 52 times higher risk of employees sharing account credentials? This week, Tim Sadler welcomes Kai Roer to the show - a renowned Security Culture Researcher with over 25 years of experience in cybersecurity and the recently appointed Chief Research Officer at KnowBe4. He defines what a security culture actually is, why leaders should care and what you can do to build a good security culture in your business. Want to access even more Human Layer Security insights? You can sign up to the Tessian newsletter by clicking that link.
In this episode, Tessian's CEO Tim Sadler speaks to Ben Aung, Chief Risk Officer at SAGE. He shares his perspective on human layer risks like insider threats and human error, drawing on his experiences in his role at SAGE and also from his time as a deputy government Chief Security Officer in the UK government. Looking for even more Human Layer Security insights? You can sign up to the Tessian newsletter and stay up to date.
If there's one piece of advice Confidence Staveley would give you when it comes to cybersecurity, it's this: "Stop and think," she says. Doing something out of fear can never be a good thing - and that's what the cybercriminals are counting on. The cybersecurity awareness evangelist, entrepreneur, and recently crowned Cybersecurity Woman of the Year 2021, joins Tessian CEO Tim Sadler this week to discuss fraud and social engineering attacks, and why they are so effective. She explains how she is successfully raising awareness of cyber scams across Nigeria - thanks to #NoGoFallMaga - and what companies can learn from this to help improve people's cybersecurity behaviors. You can learn about Confidence's organizations and the Cyber Girls fellowship by visiting https://cybersafefoundation.org/cybergirls/
Lena Smart is the kind of CISO every organization needs. In 2019, she became MongoDB's first CISO - her third chief security position - and, since joining, she has implemented programs that have transformed the company's security posture and culture. In a conversation with Tessian's CEO Tim Sadler, she reveals how and why launching a security champions program has successfully reduced phishing click-thru rates, minimized threats caused by human error and helped build a stronger security culture to empower employees. She shares her tips on how you can do the same in your company. Looking for even more Human Layer Security insights? You can sign up to the Tessian newsletter and stay up to date.
A warm welcome to Debbie Reynolds - aka The Data Diva - who discusses one of the biggest challenges IT and security teams face today... data loss prevention. She and Tim dive into the issues surrounding hybrid work, the rise of ransomware, and employee error, and explore how they impact and influence organizations' data protection and privacy strategies. As a world-renowned technologist and advisor to multinational corporations on global data privacy and data protection, Debbie shares her stories, her breadth of knowledge, and provides sound advice on how you can bolster your DLP strategies. And if you want to hear more from Debbie, you can download and listen to her own podcast - The Data Diva.
Bobby Ford, CSO at Hewlett Packard Enterprise and former CISO at Unilever joins Tessian's CEO this week to share his stories from the world of corporate security, his learnings from his time in the U.S. Army as an Information Security Analyst and his philosophy on cybersecurity today. Security leaders, he says, cannot be the captains of the "no" police if you want to protect employees, and Bobby explains how and why leaders need to equip users with the tools, resources and controls they need to leverage their intelligence. Because, he says, your employees are really smart - they're the sensors in your security ecosystem. Books referenced in the show: Outliers, Malcolm Gladwell. Looking for even more Human Layer Security insights? You can sign up to the Tessian newsletter and stay up to date.
Want to hear from a former CIA hacker, cybersecurity commissioner to the Obama administration, and advisor to clients including the Obama family, Bill Gates, and a number of Fortune 500 companies? Then this is the episode for you. This week, Tessian's CEO Tim Sadler welcomes Dr Eric Cole to the show to discuss some of the biggest security challenges facing organizations today. He explains the role of the CISO today and why communication is everything in security. Without it, he says, everything falls apart. Listen to his tips and advice today. If you want more Human Layer Security insights delivered straight to your inbox, you can sign up to the Tessian newsletter and never miss a beat.
At the time of recording, Tracy Z. Maleeff was an Information Security Analyst at the New York Times. She is now employed by the Krebs Stamos Group. On the RE:Human Layer Security podcast this week, Tessian's CEO Tim Sadler is joined by the brilliant Tracy Z. Maleeff - or Infosec Sherpa, as you may know her on Twitter. Tracy explains how she got into the cybersecurity industry - an inspiring story for any career changers out there - and why her skills as a librarian have helped her become the information security professional she is today. Tracy shares her points of view on why it's so important for security leaders to lead with empathy, if they want to get employees on side and protect their company from threats like phishing and malicious insiders. You can sign up to Tracy's newsletter here, and if you're looking for even more Human Layer Security insights, you can sign up to the Tessian newsletter and stay up to date.
Nuno Teodoro, the Cyber Security Officer of Huawei joins Tim Sadler this week to talk about trust, zero-trust and FUD in cybersecurity, at a time when questions around trust and Huawei dominate the news. Nuno also shares his opinions on the role that humans play in cybersecurity and the steps he and his team take to make security every employee's responsibility. No mean feat in a company with almost 200,000 employees! Books referenced in the show: Ghost in the Wires, Kevin Mitnick; The Cyber Effect: A Pioneering Cyberpsychologist Explains How Human Behaviour Changes Online, Mary Aiken. And if you're looking for even more Human Layer Security insights, you can sign up to the Tessian newsletter and stay up to date.
Kicking off the new season of the RE:Human Layer Security podcast, we are delighted to welcome James McQuiggan, Security Awareness Advocate at KnowBe4. James speaks to Tim Sadler, CEO at Tessian about a new school approach to security education and awareness, the rise of ransomware and why phishing training should lead with the carrot, not the stick. The episode is packed with advice and anecdotes to help you and your business think about the human factor in your cybersecurity strategy. Books referenced in the show: The Hitchhiker's Guide to the Galaxy, Douglas Adams; Data Driven Defense, Roger Grimes; Transformational Security Awareness, Perry Carpenter; Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World, Jennifer Jin and Marcus J. Carey. If you're looking for even more Human Layer Security insights, you can sign up to our newsletter to stay up to date.
With Tim away this week, Tessian's co-founder Ed Bishop steps in to explain why people continue to fall for phishing scams, particularly during a global pandemic. He speaks to Dave Kennedy, founder of TrustedSec and Jeff Hancock, Stanford University professor and expert in trust and deception online, to understand the psychology behind phishing and the techniques hackers use to manipulate people's trust. Looking for more Human Layer Security insights? Head over to the Tessian blog and you can also subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
How do you change the cybersecurity behaviours of thousands of employees at enterprise-scale? Tessian's CEO Tim Sadler speaks to Simon Hodgkinson, the former CISO at BP to find out. With over 35 years' experience in the IT and security field, Simon shares his opinions on why security must be a seamless experience for employees if it's going to work, arguing that if you can allow people to get their jobs done securely without them actually seeing the security, then that's a fantastic outcome. He and Tim also discuss how and why the CISO has a harder job on their hands, compared to 30 years ago, and how to overcome challenges such as reporting risk to the board. It's a must-listen for any security professional. And if you want more Human Layer Security insights, head over to the Tessian blog and you can also subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
A recent Tessian report revealed that male graduates were almost twice as likely to consider a career in cybersecurity as female grads, despite it being an industry with considerable growth opportunities for women. Why? And how can we change their perception of cyber? As an incredibly successful female CISO, Anne Benigsen, CISO at Bankers' Bank of the West shares her opinions on how we can encourage more women to pursue a career in cyber. You can access the full Opportunity in Cybersecurity 2021 report here or via the Tessian website.
It's interesting how many three-year plans include a lot of “blinky boxes” and “very few tactical objectives other than keep doing phishing tests” to protect humans in the organization, says Anne Benigsen, CISO at Bankers’ Bank of the West in her conversation with Tessian's CEO Tim Sadler this week. Anne and Tim discuss how companies can use technology to protect people from potential cybersecurity mistakes in the same way that safety features of a car - airbags, seatbelts, anti-lock brakes - protect people from causing harm. Anne passionately explains why it’s time to make security every employee’s responsibility - whether they’re in IT or not. Want more Human Layer Security insights? Head over to the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
Building a security culture, and getting employees to care about security, is not easy. So, this week, Tessian's CEO Tim Sadler meets the very inspiring Ray Espinoza, CISO at Cobalt - the Pentest-as-a-Service platform that is modernizing the traditional, static penetration testing model - to explain how you can build your security "tribe". Ray discusses how to create a security culture built on trust and with humans at the heart. He provides actionable advice on how to have open conversations with your stakeholders and employees, asking them whether they understand what you're doing and why you're doing it. Because, he says, their buy-in is critical to the delivery of your security strategy. Want more Human Layer Security insights? Head over to the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
This week, Tessian's CEO Tim Sadler is joined by Dan Raywood, journalist and former deputy editor of Infosecurity Magazine. Looking back over the past 12 months, Dan and Tim talk about resilience and how recent events have changed cybersecurity, from SolarWinds to Covid-19 - to which Dan poses the question, "Has anything actually really changed?!" They also discuss where IT leaders need to focus efforts in 2021 and why the human factor is a major consideration. Looking for more Human Layer Security insights? Head over to the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
How do you enhance productivity without compromising security? This week, Tessian's CEO Tim Sadler speaks to Jerry Perullo, the CISO at the Intercontinental Exchange (ICE) about why businesses need to work with users, use the data, and give employees the tools to protect themselves and make cybersecurity decisions. He and Tim talk about ICE's own security strategies and discuss why solving the problem with human error has been a long time coming. Jerry shares his tips and advice, explaining where security teams can, and should, start in building a long-term strategy to balance employee productivity and security. Want to know more? You can find more Human Layer Security insights on the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
Hacking humans is easy. Hacking software is not. And that's why hacking humans is still the easiest way to hack into organizations today and why social engineering type attacks are continually rising. But how do hackers hack humans? Tim Sadler speaks to Craig Hays, an ethical hacker, to find out. They discuss how attackers select their targets, leverage publicly available information online and craft successful social engineering scams to hack people and their organizations. Their conversation centers on a recent report from Tessian titled How to Hack a Human - a report to which Craig, along with other ethical hackers within the HackerOne community, contributed. It's a must-read for any employee, IT or business leader looking to understand social engineering in more detail. You can find the full report on the Tessian website or click here. Want to know more? You can find plenty of insights about social engineering or advanced impersonation scams over on the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
What makes your organization tick? What does it love and what does it hate? Where do your employees 'hang out' and share information? Are your employees happy? These are the things that social engineers are looking to find out. These are things that help hackers hack humans to hack organizations - and they're getting pretty good at it. World-renowned social engineer and people hacker Jenny Radcliffe joins Tim Sadler on the podcast this week to discuss the art of persuasion, manipulation and persuasion. She reveals how cybercriminals can convince your employees to do their malicious deeds for them and explains why business leaders must know their people better than the bad guys. If you want to hear more from Jenny, you can listen to her own podcast - Human Factor Security. And if you want to learn more about social engineering scams, you can find lots of insights on the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
The dictionary defines 'cybersecurity' as “measures taken to protect a computer or computer system against unauthorized access or attack.” There is no mention of people or humans. Tessian's CEO Tim Sadler speaks to Bruce Hallas - an advocate, trainer and consultant in information security awareness, behavior and culture - about why this needs to change. With so much to cover, Bruce drills down into why the cybersecurity industry needs to open its arms to other areas of expertise, beyond just those with purely technical backgrounds, in order to understand people, their behaviors and their cultures. Only then, he says, can organizations start to address the human factor in cybersecurity and get ahead of the cybercriminals. You can also listen to Bruce's podcast - Rethinking The Human Factor - and follow his work and research on Twitter. And if you want even more... more insights are on the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
The cybersecurity industry has relied on the concept of fear, uncertainty and doubt for years. It even has its own acronym - FUD. But is fear really the way to encourage people to make smarter cybersecurity decisions? Or does scaremongering actually have an adverse effect? Tim Sadler speaks to Dr Karen Renaud, Professor at Abertay University and Dr Marc Dupuis, Assistant Professor at the University of Washington Bothell to find out. Specializing in the human factors of cybersecurity, these academics have researched the effectiveness of fear appeals in cybersecurity and they fully believe that the industry needs to flip the script when it comes to training people to do the right thing. They recently shared their findings in the Wall Street Journal - a brilliant article titled Why Companies Should Stop Scaring Employees About Security and, in this episode, they shed more light on the topic. You can find more insights at the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all Tessian's Human Layer Security news.
Think we'll be going back to old ways of working post-pandemic? Think again, says Stephane Kasriel, former CEO of freelancing website Upwork. He speaks to Tim about why he believes remote work is a win-all situation for employers, employees and society. He explains how to overcome challenges and reveals the top things your business should consider when planning your future remote work strategies. You can find more insights at the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
There's a common misconception that people are the weakest link when it comes to cybersecurity. Tim Fitzgerald, CISO at ARM and former CSO at Symantec, believes this way of thinking underserves people’s intent. In his conversation with Tim, he explains that people are just trying to get their jobs done but sometimes mistakes happen - and this is a problem that leaders need to solve. He shares his advice on how you, too, can build a cybersecurity strategy that not only improves people's security behaviors but also aligns with, and enhances, the overall ethos of your company. You can find more insights at the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
If you separate the culture from the strategy, nine times out of 10, you aren't going to achieve your business' goal. Why? Because the execution is going to be flawed. It's been a year like no other and one question that comes up time and time again is how do you keep your teams and employees motivated when times are tough? Tim speaks to Howard Schultz, the former chairman and chief executive officer of the Starbucks Coffee Company to find the answers. With stories from his days at Starbucks, Schultz explains how to lead with humanity during times of adversity and how to build a culture that inspires people to work. You can find more insights at the Tessian blog and you can subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.