4 Levels of Human Factor Security with Roy Zur

Many believe that cybersecurity is for high tech professionals only. It's important to know that employees at every level can accidentally open the door to your network. Today's guest is Roy Zur. Roy is the founder and CEO of Thrive DX for Enterprise which is a global education company committed to transforming lives through digital skills training and solutions as well as addressing the human factor of cybersecurity training. Roy is a 15 year veteran of the Israeli Defense Force where he served as a major. Roy also serves as the adjunct professor in Risk Management and Cybersecurity. He is the founder and chairman of the non-profit Israeli Institute for Policy and Legislation and a member of the Forbes Business Council.

Show Notes:

• [1:05] - Roy shares his background in cybersecurity and the different responsibilities he's had.
• [2:27] - Roy describes the challenges experienced in the Israeli Defense Force.
• [3:55] - It's not just about the training, it's also about the screening.
• [6:30] - The rapid changes in cyber security makes maintaining the curriculum a challenge.
• [9:13] - When finding people that qualify as candidates for this learning, there is a lot to learn. Roy describes parts of the program.
• [11:47] - Many people are afraid of cyber security because it seems so complicated, but it is more of a human factor issue.
• [13:08] - There are different groups within an organization that have access to data.
• [14:34] - Roy defines the groups or levels of an organization.
• [16:11] - Software developers and engineers have a huge responsibility.
• [17:08] - Each group has to have an education about security and the type of skills they need will vary.
• [18:47] - The method of learning is also different per level.
• [20:21] - Giving employees the information they need and nothing more is crucial so they can spend their time working on their responsibilities.
• [22:12] - Training for awareness which usually includes everyone in an organization takes about 2 hours a year but people don't always take it seriously.
• [24:11] - Phishing simulations are very effective. Roy describes the most effective methods of training.
• [26:15] - Full bootcamps can be up to 500 or more hours.
• [27:25] - In Education, Bloom's Taxonomy plays a big role.
• [29:11] - When you create new knowledge, you've completed the full cycle of truly learning something.
• [30:58] - For most people, the motivation to complete cybersecurity training is simply for compliance.
• [33:12] - These trainings have to be tied into the human factor of cybersecurity.
• [36:36] - Small businesses are actually at more risk of being impacted more greatly by a data breach.
• [39:10] - On Thrive DX's website, there are a lot of great resources available.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Thrive DX Website