Platform

Unify HRM Overview

Platform

Capabilities

Identify: Human Risk Operations Center (HROC)
Dashboards

Power Insights

Benchmarks

Protect: Workflow Automation & Orchestrations
Nudges

Phishing Simulations

Training

Report: Human Risk Index (HRI)
Employee Scorecards

Manager Reporting

Board and Executive Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
Living Security A Leader in Forrester Wave
link

Living Security Blog
The Little Dot in the Top Right Corner
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
Living Security A Leader in Forrester Wave
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing Training
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?
HRMCon on Demand Watch over 10 hours of sessions & hear from over 20 cybersecurity risk management professionals. HRM: Ask Me Anything
Monthly live series focused on diverse Human Risk Management topics and continuing the conversation around HRM.
Forrester Wave™: Human Risk Management Report Access The Forrester Wave™: Human Risk Management, Q3 2024 to discover why Living Security is named a leader for reducing human risk with innovative, real-time insights and solutions.

Living Security Blog
The Little Dot in the Top Right Corner
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Cybersecurity Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Schedule Demo

May 20, 2024

Advance Your Career with Human Risk Management

Leveraging Human Risk Management for your Career Advancement

Securing a promotion in any professional field requires strategic planning, consistent effort, and effective communication of accomplishments. As someone leading Security Awareness and Training, understanding how Human Risk Management (HRM) can aid in this progression is pivotal.

There is a great article published by Ruchi Sinha, PhD, Associate Professor of Organizational Behavior at the University of South Australia Business School, featured in the Harvard Business Review, where she creates a roadmap for earning a promotion in various roles.

In this instance we have tailored these insights to focus on the domain of Security Awareness and Training. Read a summary below of the key steps you can take.

Or for an in-depth look, download the full white paper here.

Step 1: Plant the Seed

Promotions rarely occur spontaneously; they require careful preparation and evidence-based advocacy. Starting a dialogue with your manager six to nine months prior to seeking a promotion is best as everyone will need time to plan. This conversation should revolve around:

Clearly articulating the requirements for advancing to the next career level during routine one-on-one meetings.
Identifying key performance indicators (KPIs) crucial for the role.
Aligning your metrics with organizational objectives and presenting proactive strategies understood by the C-suite and Board
Implementing success metrics that reflect your contribution to fostering a culture of security consciousness and reducing organizational risk, backed by insightful data analysis.
Documenting achievements meticulously in a brag folder to substantiate your case during promotion discussions.

Close the Gap to a Promotion

At Living Security, we speak to hundreds of Security & Awareness Leaders on a monthly basis. We consistently hear that reporting (Board/C-suite and across the business) is very important, but the metrics they look for are narrowly focused and often revolve around:

Phishing: Open Rates, Click Rates, Report Rates, Credentials Harvested
Training: Completion Percentages, Engagement Rates, Blog Subscribers
Culture: Cyber Champions Program Enrollment

Although these metrics are very important, they are not the metrics and focus areas to move the business forward. To make the next jump, you need to enhance the program and that starts by measuring outcomes and not activities.

Human Risk Management Metrics Quantify the Impact of Security & Awareness Leaders

HRM programs and platforms enable SAT leaders to extend the measurement and reporting of key metrics beyond phishing, training, and culture. Risk can also be quantified by:

Access Level: which groups or employees have elevated access to sensitive information
Departments: which teams, departments, or office locations are at elevated risk
Security Risks: which groups are at heightened risk of data, identity, malware, and/or social engineering threats

Example HRM Metrics to Track and Report

If the business is concerned about their Cyber Insurance Coverage, show them how your last campaign jumped MFA adoption by 37%, decreasing the likelihood of an incident. Show them how you have built a culture of ownership and accountability, e.g. increasing your report rate by 27%, because you communicate with your audience regularly and through a variety of channels (email, Slack, Teams, etc.). When you can tie back your value to the business objectives, you are viewed differently.

Step 2: Document your Achievements in a Brag Folder

Now that you have a focus on larger organizational goals, the big first step is complete. Once you have achieved a major goal (defined by you and your manager), and have the data to back it up, it is time to start this conversation. To do this, you need to be able to show quantitative HRM metrics backing your value and growth within the organization.

Here is an actual example from one of our customers. The client ran enterprise-wide phishing simulations in the summer months and came to the conclusion, with their CISO, that they need to focus their program efforts on a specific risk group based on three data points:

• Privileged users (IAM tool data)...
• Who have clicked on a simulated or real phish (Phishing data), and... • Who been heavily targeted (Email Security data)

The Director of Training and Awareness came up with a proposed campaign for October with a focus on the risk cohort they identified. The program would consist of:

A Slack Message, notifying the group of an upcoming training they will be enrolled in
A Slack invite to one of four lunch and learn sessions that will cover two major areas:

• The responsibility that comes with having elevated access

• Not just how to spot a phish but the importance to the security team and company of reporting the phish.
Enrollment into three micro learning videos, each one minute, on the topics covering privileged access and spear-phishing.

Example HRM Action Plan and Results

Here is the outcome of that work targeting 150 High Risk Users who fit their risk profile and the results that went straight into the “brag folder.”

October Awareness Targeting Social Engineering Risky Users

By November 28, they only had one user of the 150 repeat click
All 150 users completed at least one of the two actions: lunch and learn or video modules

All 150 users over the next two months REPORTED at least one suspicious email (real or simulated) - moving high risk users into the vigilant category.

The data above does two things:

• Shows that a focused training program can shift behavior

• Demonstrates a resilient culture, not based on surveys, but based on users understanding their risk, their willingness to learn in short stints, and adopting their learning into their day to day work.

Our client found a problem the CISO deeply cared about. They created a plan to drive this risk down. Then they had the metrics to prove that the efforts worked and now they have a compelling action plan to run again when new users fit this same profile in the future!

Step 3: Make the Ask

Approaching your manager for a promotion requires confidence, supported by a compelling narrative of your accomplishments aligned with organizational objectives.

Emphasize:

Tangible outcomes of your initiatives, such as increased MFA adoption or decreased instances of sharing sensitive information.
Your proactive approach to identifying and addressing security risks, as evidenced by higher report rates of suspicious emails post-training.

Expressing readiness to assume greater responsibility and contribute meaningfully to organizational goals.

Sample Dialogue:

“I believe I’ve consistently met our shared expectations and contributed positively to our objectives. I am eager to take on more challenges and advance in my career. I welcome your guidance on how I can further contribute to our team and the organization as a whole.”

In essence, leveraging HRM practices entails strategic alignment of your achievements with organizational goals, effective communication of value propositions, and proactive engagement in career advancement discussions. By adopting this approach, security professionals can navigate their career pathways with confidence and competence.