Last episode we ended by talking with Bec about how cybercriminals leverage the fight-or-flight response and get you to do things you wouldn’t normally do, like share bank details, through amygdala hijacking. Bec concluded the episode by giving us some great advice on how we can retrain ourselves NOT to be so reactive and hopefully, stop ourselves from doing something rash.

In this episode, Awareness ≠ Behavioural Change - Rethinking Cybersecurity Training, we’re going to build upon what Bec discussed last week, a cyber psychology 101 if you will, and see how we practically apply key psychological concepts like cognitive agility, convergent and divergent thinking and meta-cognitive skills to things like tabletop exercises and security awareness training.

Key Takeaways:

Embrace Cognitive Agility: The world is too complex for a one-size-fits-all approach. Learn when to adapt and think critically in the face of unexpected situations.

Awareness does not equal change in behaviour: One size doesn't fit all, and quantitative is usually valued over qualitative, which needs to change.

Leverage Divergent and Convergent Thinking: Don't just train for specific scenarios. Develop the flexibility to both explore diverse solutions and converge on the best course of action when the time comes.

Build Diverse Teams: Groupthink can be your worst enemy in a crisis. Foster diverse perspectives within your team to avoid this critical blindspot.

Make Reflective Learning a Priority: Learn from every experience, good or bad. Debrief after incidents and ask: What went well? What didn't? How can we improve?

Focus on Impact Skills, Not Just Technical Knowledge: Decision-making, communication, and collaboration are the foundational skills needed to navigate complex cyber threats.

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’

Keywords: cybersecurity, training, incident response, crisis management, soft skills, impact skills, cognitive agility, reflective learning, diverse teams, behavioural change

SHOW NOTES

Full show notes can be found here: https://www.compromisingpositions.co.uk/podcast/episode-23-awareness-does-not-equal-behavioural-change-rethinking-cybersecurity-training

ABOUT BEC MCKEOWN

Bec McKeown CPsychol is the Founder and Director of Mind Science, an independent organisation that works with cyber security professionals. She helps businesses to advance the human aspect of system resilience, so a collaborative culture of innovative thinking and an agile threat response becomes the norm.

As a Chartered Psychologist with extensive experience of carrying out applied research for organisations including the UK Ministry of Defence, Bec has gained a unique perspective on the ways humans react in times of crisis. She works at both operational and strategic levels, with a focus on situational awareness, decision-making and problem-solving in complex environments.

LINKS FOR BEC MCKEOWN

Bec’s LinkedIn

Mind Science LTD