The Behavioral Science of Cybersecurity - Si Pavitt & Steve Dewsnip, MOD

If a stranger walked into your workplace and asked you your name and email address, would you co-operate? What if they asked you to open a door for them, or to use your laptop or phone, all whilst wearing a shirt that said “CHALLENGE ME” on it?

This is the malicious floorwalker, an example of the behavioral interventions staged by the UK Ministry of Defence to educate their workforce about security threats and put their teachings into practice. In this episode, Cyril speaks with Si Pavitt (Head of the Ministry of Defence Cyber Awareness, Behaviours and Culture Team) and Steve Dewsnip (Behavioural Scientist at Atkins) to find out how gamifying psychological theory delivers surprising results across as diverse an organization as the UK’s Ministry of Defence.

Guests Si Pavitt

Si Pavitt is the Head of the Ministry of Defence Cyber Awareness, Behaviours and Culture (CyAB&C) team under the 2* Directorate of Cyber Defence and Risk (CyDR). He is primarily responsible for setting the strategic direction for socio-behavioural change as it relates to cyber-secure behaviour across Defence. He also provides consultancy to Defence human vulnerability and social engineering activities.

Stephen Dewsnip

Stephen Dewsnip is a Behavioural Scientist and Organisational Change Consultant from Atkins Global. Working in the highly collaborative MOD Cyber Awareness Behaviours & Culture (CyAB&C) team, Stephen is responsible for the design and delivery of behavioural interventions to promote cyber-secure behaviours.

Key points

• Why you should incentivize positive actions rather than police security best practices
• How to use social engineering to reinforce the need to challenge suspicious behavior
• The importance of protecting psychological wellbeing during behavioral exercises