The Behavioral Science of Cybersecurity - Si Pavitt & Steve Dewsnip, MOD
Cybersecurity Sessions8 Joulu 2022

The Behavioral Science of Cybersecurity - Si Pavitt & Steve Dewsnip, MOD

If a stranger walked into your workplace and asked you your name and email address, would you co-operate? What if they asked you to open a door for them, or to use your laptop or phone, all whilst wearing a shirt that said “CHALLENGE ME” on it?

This is the malicious floorwalker, an example of the behavioral interventions staged by the UK Ministry of Defence to educate their workforce about security threats and put their teachings into practice. In this episode, Cyril speaks with Si Pavitt (Head of the Ministry of Defence Cyber Awareness, Behaviours and Culture Team) and Steve Dewsnip (Behavioural Scientist at Atkins) to find out how gamifying psychological theory delivers surprising results across as diverse an organization as the UK’s Ministry of Defence.

Guests Si Pavitt

Si Pavitt is the Head of the Ministry of Defence Cyber Awareness, Behaviours and Culture (CyAB&C) team under the 2* Directorate of Cyber Defence and Risk (CyDR). He is primarily responsible for setting the strategic direction for socio-behavioural change as it relates to cyber-secure behaviour across Defence. He also provides consultancy to Defence human vulnerability and social engineering activities.

Stephen Dewsnip

Stephen Dewsnip is a Behavioural Scientist and Organisational Change Consultant from Atkins Global. Working in the highly collaborative MOD Cyber Awareness Behaviours & Culture (CyAB&C) team, Stephen is responsible for the design and delivery of behavioural interventions to promote cyber-secure behaviours.

Key points
  • Why you should incentivize positive actions rather than police security best practices
  • How to use social engineering to reinforce the need to challenge suspicious behavior
  • The importance of protecting psychological wellbeing during behavioral exercises

Jaksot(35)

Ethical Hacking & Bug Bounty Hunting - Jessica Howarth, PortSwigger

Ethical Hacking & Bug Bounty Hunting - Jessica Howarth, PortSwigger

Cyber-criminals are relentless, and the number of attacks is growing. Businesses are increasingly turning to ethical hackers to find bugs and exploits before attackers do, offering financial incentive...

8 Syys 202223min

Mentoring in Cybersecurity - Gabrielle Botbol, Desjardins

Mentoring in Cybersecurity - Gabrielle Botbol, Desjardins

Mentoring is essential to closing the cybersecurity skills gap, especially in realizing the potential of people from underrepresented communities. In recent years many newcomers to cyber have been men...

4 Elo 202221min

Security and Privacy - Charlie Osborne, ZDNet

Security and Privacy - Charlie Osborne, ZDNet

Many businesses argue that they need to collect information about customers to verify who they are and secure their accounts. However, this is at odds with online privacy advocates, who say organizati...

7 Heinä 202223min

MFA is Better than Passwords… Right? - Roger Grimes, KnowBe4

MFA is Better than Passwords… Right? - Roger Grimes, KnowBe4

We’re told that multi-factor authentication is more secure than passwords, but in truth most MFA is susceptible to the same old threats, such as phishing and man-in-the-middle attacks. In fact, the wi...

9 Kesä 202225min

AI in Cybersecurity: A Double-Edged Sword - Elaine Lee, Mimecast

AI in Cybersecurity: A Double-Edged Sword - Elaine Lee, Mimecast

It’s likely that we encounter artificial intelligence more often than we realize. Just as AI can be used to facilitate fraud and spread misinformation via deepfakes and sophisticated identity theft, i...

5 Touko 202225min

Offensive Security - Jonathan Echavarria, ReliaQuest

Offensive Security - Jonathan Echavarria, ReliaQuest

How can you really know what havoc hackers could wreak on your systems? By challenging them to do it and fixing the exploits they discover, of course. In this episode of the Cybersecurity Sessions, An...

7 Huhti 202220min

The Women Changing Cybersecurity

The Women Changing Cybersecurity

In this month’s episode, Andy Still hands hosting duties over to Netacea’s cybersecurity content specialist, Yasmin Duggal, for a special edition of the podcast for International Women’s Day. Just 16%...

8 Maalis 202245min

Artificial Engagement and Ad Fraud - Stewart Boutcher, Beacon

Artificial Engagement and Ad Fraud - Stewart Boutcher, Beacon

In this month’s episode, we’re talking about ad fraud and the role bots play in this lucrative space. Marketers care intensely about engagement and pay advertisers good money to get it, but how do the...

10 Helmi 202222min