Jill Wick on The Human Side of Cybersecurity

What if the best way to improve cybersecurity — or any other form of human risk — wasn't another policy, training course, or piece of technology, but a board game? That's the kind of question my guest, Jill Wick, loves asking.

Episode Summary
Jill is a cybersecurity awareness consultant, business psychologist, podcaster, and author. Her work sits at the intersection of psychology, marketing, behavioural science, and cybersecurity, and she is passionate about helping organisations understand that security is fundamentally a human challenge, not simply a technical one.

Drawing on her experience in fraud prevention and her academic background in business psychology, Jill explains why traditional approaches to awareness often fail, why experimentation matters, and how a simple Snakes and Ladders-inspired game can create meaningful conversations about risk and decision-making.

The discussion ranges far beyond cybersecurity. We explore creativity, curiosity, communication, organisational culture, social media, learning, and the challenge of measuring success when the outcome you're seeking is something that doesn't happen.

Key Topics
In this episode, we discuss:

• Why cybersecurity is ultimately a human problem rather than a technology problem
• The psychology behind phishing, scams, and social engineering
• Why more policies and more training often fail to change behaviour
• How unclear policies can create confusion instead of compliance
• The role of curiosity, creativity, and experimentation in risk management
• How games can create psychologically safe environments for learning
• The importance of conversation and peer learning in awareness programmes
• What compliance, safety, conduct, and operational risk professionals can learn from cybersecurity awareness
• Why awareness professionals should think more like marketers
• The value of experimentation, iteration, and A/B testing
• How social media can help build communities around important ideas
• Why measuring engagement may be just as important as measuring failures

Guest Biography
Jill Wick is a cybersecurity awareness consultant, business psychologist, author, and podcast host who specialises in the human side of cybersecurity. Drawing on a background in fraud prevention and behavioural science, she helps organisations build stronger security cultures through creative, engaging approaches that go beyond traditional training and compliance. Known for her innovative use of games, psychology, and marketing techniques, Jill is a passionate advocate for making cybersecurity awareness more human, effective, and enjoyable

Links
Jill's LinkedIn profile - https://www.linkedin.com/in/jill-wick/
Jill's website - https://www.jillwick.com/
Cyber & Psych, Jill's podcast - https://open.spotify.com/show/5uteiqHvCTGCVtCsKCzGJ6?si=322ef51fd6a3423c&nd=1&dlsi=c6d8309550784df9
Security-Awareness-Tools, Jill's book - https://www.isbn.de/buch/9783658511111/security-awareness-tools


AI-Generated Timestamped Outline

• 00:00 – Introduction
• 02:15 – Jill's background: From fraud prevention and business psychology to cybersecurity awareness.
• 05:30 – Understanding why people fall for scams, phishing attacks, and social engineering.
• 06:00 – Why cybersecurity is fundamentally a human problem, not just a technical one.
• 08:00 – The limitations of rules, policies, and traditional awareness training.
• 12:00 – The origin of Jill's cybersecurity board game and why simplicity matters.
• 14:00 – How games create psychologically safe conversations and improve learning.
• 19:30 – The game as a conversation tool: building culture, peer learning, and engagement.
• 22:00 – Creativity, curiosity, and the courage to experiment with new approaches.
• 26:00 – What cybersecurity awareness can learn from marketing, advertising, and A/B testing.
• 35:30 – Why awareness and technology must work together rather than compete.
• 41:30 – New projects: workshops, events, games, and Jill's forthcoming book Security Awareness Tools.
• 44:00 – Lessons for compliance and risk professionals: attention is a limited resource.
• 51:00 – Measuring success: engagement, participation, reporting, and positive signals.