Human Risk ManagementConference
Each year, HRMCon brings together cybersecurity thought leaders and practitioners to present a half-day virtual conference geared toward continuously evolving the power of behavior change in mitigating risks.
Fill out one form to access all the recordings from this event.
HRMCon 2023: Risky BusinessSessions On Demand
Let's face it, we've all experienced the frustration of being stuck in customer service hell, waiting for hours on end to get the help we need. But what happens when employees seek cybersecurity help and guidance, only to be met with an information black hole? Is your security team seen as a group of trolls in the basement, unapproachable and unhelpful? It's time to change that perception.
In this session, Sunette Runhaar, Insider Threat Awareness Lead at Uber, will explore the often-overlooked topic of employee experience in security awareness programs. She will delve into how internal processes can either help or hinder an organization's security culture, and share insights on how to build trust between the security team and the workforce.
This session takes you on a journey that combines the power of emotions and cognitive bias with threat intelligence to create meaningful cybersecurity connections and behavioral changes across your organization. Ashley Chackman, Cybersecurity Specialist with Ciena, and doctoral candidate and cybersecurity expert Dustin S. Sachs share how cognitive bias, emotion, user experience, and behavioral science can drive real cybersecurity change in your teams. You'll leave with practical tactics to immediately put to work in your own cybersecurity practices.
Twice, Kathryn Glynn has created sustainable, 25-person Ambassador programs for zero dollars by tapping into the passion and skills of team members outside of the cybersecurity team. By giving team members the opportunity to contribute to the security of the company, they'll feel more invested in its success and more connected to the cybersecurity team. Kathryn previously created a successful program at Oshkosh Corporation and currently heads the Ambassador program at Kimberly-Clark, so she's lived this.
All cybersecurity technology was a ground-breaking innovation at one point: DLP, IPS, IDS, 2FA. How did cybersecurity professionals make the case for new technology in the past, and what can we learn from it? Panelists, Rinki Sethi, CISO for bill.com, and Martijn Verbree, National Cyber Lead at KPMG Australia, each bring over 20 years of experience in the cybersecurity industry, and have been at the forefront of some of the most groundbreaking technology solutions over the years. So how have they successfully convinced CISOs to adopt new technology and innovative solutions in the past? Learn how they have navigated the complexities of cybersecurity sales, and how they have made the business case for new technologies that are now ubiquitous.
Join us for the cybersecurity mock trial of the year, where we shine a spotlight on the age-old debate on whether phishing simulations are an effective tool for improving cybersecurity or if they do more harm than good. Our courtroom drama will feature a heated debate between plaintiff Charisse Castagnoli and defendant Jenny Hedderman, with Allan Alford as the judge presiding over the case, and Nicole Thibault as expert witness. Our judge will listen to both sides of the argument and provide a fair and impartial verdict. Come witness the drama and join the discussion on the future of phishing simulations in cybersecurity.
Co-Founder and CSO
Co-Founder and CEO
As the CEO and Co-founder of Living Security, Ashley Rose is the driving force behind Living Security’s push to lead the Human Risk Management industry. She has successfully raised more than $25 million in funding to scale the business, pivoted the company from solely in-person training to a fully digital platform, and has led the company to be named an industry leader in the Forrester Wave. She co-founded Living Security based on the philosophy that empowering people is the best approach to lasting security behavior changes and breach prevention. She is an industry thought leader, sharing her unique perspective on the evolution of cybersecurity with various publications including Forbes, TechRepublic, Darkreading, Security Magazine, CyberWire, and Cybersecurity Ventures.
Chris is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. He’s the CISO for Boom Supersonic and works as an advisor for several entities worldwide. His most recent projects are focused within the aerospace, deception, identity, cryptography, Artificial Intelligence, and services sectors. Since the late 90s, Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against various types of attack. Over the years, he’s founded or worked with several folks specializing in OSINT/SIGINT/HUMINT research, intelligence gathering, cryptography, and deception technologies. These days he’s working on spreading the risk, maturity, collaboration, and communication word across the industry.
CISO, Podcaster, President
With 20+ years in information security, Allan has served as CISO five times in four industries, with a strong history in technology, manufacturing, telecommunications, litigation, and education. Allan parlayed an IT career into a product security career and then ultimately fused the two disciplines. This unique background means that Allan approaches the CISO role with a highly business-aligned focus and an understanding of an organization's greater goals, drivers, methods, and practices.
Allan has led security functions in companies from 5 to 50,000 employees and executes a risk-based approach to security, as well as compliance with many frameworks. Allan hosts The Cyber Ranch Podcast.
eCommerce, Cyber, Privacy Attorney
Insider Threat Awareness Program Lead
Sunette is an information security awareness specialist and is currently the Insider Threat Awareness Program Lead at Uber. Under her leadership, the program plays a key role in Uber’s security resilience strategy, helping employees to recognise and prevent potential insider threats through a robust education and awareness program.
Before Sunette joined Uber, she spent several years at Tesla as the Information Security Education and Awareness Lead, where she built the company’s first global data security awareness program from the ground up. Sunette holds a Master of Science degree in Biochemistry from the University of Stellenbosch in her home country of South Africa.
Sr. Information Security Awareness & Training Lead
Kathryn Glynn’s role at Kimberly-Clark is Sr. Information Security Awareness & Training Lead. Her undergrad is in Marketing and Information Technology and she holds a Masters Degree in Marketing. In her career she has held numerous positions that mix Marketing and IT together and for the past 7 years she has been in Information Security, specifically focusing on securing the human. In her role she helps team members to not fear cyber-attacks but to feel empowered knowing they have the right tools to fight against them. People are not the problem; they are the solution. Educated, empowered people are your company’s best defense. Kathryn is an expert in analyzing, designing, developing, and implementing adult learning curriculum in a variety of multimedia formats that encourage employee growth and retention.
Jenny W. Hedderman Esq. is Risk Counsel from the Office of the Comptroller in Massachusetts. Attorney Hedderman specializes in compliance, internal controls and risk management in the areas of statewide accounting, payroll, financial reporting, and statewide financial audits for the 154 state agencies. Her current focus is developing the Comptroller’s Statewide Risk Management program, including cybersecurity, internal controls and cybersecurity awareness to reduce fraud and cyber incidents. Recent projects include the CTR Cyber Center website (macomptroller.org/ctr-cyber/) providing cybersecurity content, Cybersecurity Tips of the Week, CTR Cyber 5 (5 minute videos) and other internal controls to improve financial responsibility and protection of data, assets, and resources across the Commonwealth. Attorney Hedderman is Chair of the State Records Conservation Board. Secretary of the Essex Co-Operative Farming Association Board, as well as Adjunct Professor in Business Law at Endicott College.
Sr. Manager, Governance Risk and Compliance
As a dynamic Information Security and Risk Management Leader, he brings over 17 years of experience in managing cybersecurity projects and conducting incident response investigations. Throughout his career, he honed expertise in cybersecurity frameworks, threat detection, and risk management practices.
Currently pursuing his Doctoral degree at Colorado Technical University, his research focuses on cyber risk decision-making. His deep understanding of cybersecurity frameworks and compliance standards empowers him to apply principles of governance and compliance effectively to information security initiatives.
Rinki Sethi is the current vice president and chief information security officer at BILL, where she leads global information technology functions. She is also responsible for leading efforts to protect BILL’s information and technology assets and advise the company’s continued innovations in the security space.
Sethi brings decades of security and technology leadership expertise, including her recent roles as VP and CISO at Twitter and Rubrik, Inc. She has been at the forefront of developing cutting-edge online security infrastructure at several Fortune 500 companies such as IBM, Palo Alto Networks, Intuit, eBay, walmart.com, and PG&E. Sethi also serves on the board of ForgeRock, a global digital identity leader, and Data-In-Use Encryption leader Vaultree. She advises many other startups and VCs.
Principal Security Awareness
Nicole Thibault began a career in Security Awareness in 2013. Starting from the ground up (in so many ways) she built the foundation of a Security Awareness program at a large heath care corporation. Now, ten years later in the tech industry, Nicole helps shift the mindset of employees and contractors to know security isn't something to be feared, and employees should turn to security for issues and concerns. Building a culture of personnel who report phishing emails and odd computer behavior is the starting point to employee empowerment.
Lead Partner, Cyber Security
Martijn specializes in cyber security, digital technology, and risk management. He has more than 20 years' experience leading large-scale cyber and technology risk transformations across the globe in financial services, large dotcoms, and critical national infrastructure. He's experienced in cyber risk strategy, implementation, and incident response for boards and the C-suite.
While on a career break from KPMG, Martijn set up and ran the European business for an Australian tech startup in London. During this time, Martijn gained hands-on experience in agile working, fast-paced digital transformation, and DevOps.
In January 2022, Martijn joined KPMG Australia. Previously, he was a partner in KPMG's London office, where he led the cyber security business for their largest corporate clients.