Vector (4)

2023 Human Risk Management Conference

Each year, HRMCon brings together cybersecurity thought leaders and practitioners to present a half-day virtual conference geared toward continuously evolving the power of behavior change in mitigating risks.

Fill out one form to access all the recordings from this event. 

Original Event: June 22, 2023

Watch Now

Watch These Exciting HRMCon 2023: Risky Business Sessions On Demand


It’s All Going To End in Tears…
With Chris Roberts

10:00 AM CT
Can ANYONE of us recall a single time in the world of Hollywood, or the media where an artificial intelligence system was introduced to humanity, and it ended well? Think about it for a moment. When we build these systems in a managed, controlled, restricted environment they occasionally work as we want, they can hunt for the needle in the haystack faster, more efficiently, and effectively than we’ve ever been able to no matter if it’s global genomic research or adversarial efforts within our own organizations. However, welcome to the modern era where we’ve let an ungated intelligence loose on the mass population with no instructions, controls, or safety in place. Let’s talk about what we CAN do to help humanity, what we SHOULD talk with our folks about, and what TO do when it all goes pear shaped. 

Basement Trolls or Helpful Heroes? Improving the Image of Your Awareness Team

10:50 AM

Let's face it, we've all experienced the frustration of being stuck in customer service hell, waiting for hours on end to get the help we need. But what happens when employees seek cybersecurity help and guidance, only to be met with an information black hole? Is your security team seen as a group of trolls in the basement, unapproachable and unhelpful? It's time to change that perception.

In this session, Sunette Runhaar, Insider Threat Awareness Lead at Uber, will explore the often-overlooked topic of employee experience in security awareness programs. She will delve into how internal processes can either help or hinder an organization's security culture, and share insights on how to build trust between the security team and the workforce.


Humanizing Cybersecurity: The Role of Emotion in Driving Change

11:30 AM CT

This session takes you on a journey that combines the power of emotions and cognitive bias with threat intelligence to create meaningful cybersecurity connections and behavioral changes across your organization. Ashley Chackman, Cybersecurity Specialist with Ciena, and doctoral candidate and cybersecurity expert Dustin S. Sachs share how cognitive bias, emotion, user experience, and behavioral science can drive real cybersecurity change in your teams. You'll leave with practical tactics to immediately put to work in your own cybersecurity practices.


Build an Awareness Team Without Spending a Dime

12:05 PM CT

Twice, Kathryn Glynn has created sustainable, 25-person Ambassador programs for zero dollars by tapping into the passion and skills of team members outside of the cybersecurity team. By giving team members the opportunity to contribute to the security of the company, they'll feel more invested in its success and more connected to the cybersecurity team. Kathryn previously created a successful program at Oshkosh Corporation and currently heads the Ambassador program at Kimberly-Clark, so she's lived this.


From Revolutionary to Routine: Building a Business Case for Cybersecurity Innovation

12:40 PM CT

All cybersecurity technology was a ground-breaking innovation at one point: DLP, IPS, IDS, 2FA. How did cybersecurity professionals make the case for new technology in the past, and what can we learn from it? Panelists, Rinki Sethi, CISO for, and Martijn Verbree, National Cyber Lead at KPMG Australia, each bring over 20 years of experience in the cybersecurity industry, and have been at the forefront of some of the most groundbreaking technology solutions over the years. So how have they successfully convinced CISOs to adopt new technology and innovative solutions in the past? Learn how they have navigated the complexities of cybersecurity sales, and how they have made the business case for new technologies that are now ubiquitous.


Phishing Simulations on Trial: Necessary Training or Workplace Harassment? You Be the Judge

01:25 PM CT

Join us for the cybersecurity mock trial of the year, where we shine a spotlight on the age-old debate on whether phishing simulations are an effective tool for improving cybersecurity or if they do more harm than good. Our courtroom drama will feature a heated debate between plaintiff Charisse Castagnoli and defendant Jenny Hedderman, with Allan Alford as the judge presiding over the case, and Nicole Thibault as expert witness. Our judge will listen to both sides of the argument and provide a fair and impartial verdict. Come witness the drama and join the discussion on the future of phishing simulations in cybersecurity. 

HRMCon 2023: Speakers

Drew Rose

Co-Founder and CSO

Living Security

With a Bachelors of Science in Cybersecurity and a CISSP, Drew has a passion for building security programs and reducing risk. He's worked with institutions in the government, private and public sectors. His specialty lies in understanding human behaviors and how emotions impact everyday decisions, and he uses this knowledge to help organizations craft security awareness programs with impact. Having spent 8 years in the military, Drew is a patriot and loves exploring his new home in Austin, Texas. He's also the creative mind behind many of the puzzles, games, and content for Living Security. 

Ashley Rose

Co-Founder and CEO

Living Security

As the CEO and Co-founder of Living Security, Ashley Rose is the driving force behind Living Security’s push to lead the Human Risk Management industry. She has successfully raised more than $25 million in funding to scale the business, pivoted the company from solely in-person training to a fully digital platform, and has led the company to be named an industry leader in the Forrester Wave. She co-founded Living Security based on the philosophy that empowering people is the best approach to lasting security behavior changes and breach prevention. She is an industry thought leader, sharing her unique perspective on the evolution of cybersecurity with various publications including Forbes, TechRepublic, Darkreading, Security Magazine, CyberWire, and Cybersecurity Ventures.

Chris Roberts
Chris Roberts, a.k.a. Dr. Dark Web


Boom Supersonic

Chris is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. He’s the CISO for Boom Supersonic and works as an advisor for several entities worldwide. His most recent projects are focused within the aerospace, deception, identity, cryptography, Artificial Intelligence, and services sectors. Since the late 90s, Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against various types of attack. Over the years, he’s founded or worked with several folks specializing in OSINT/SIGINT/HUMINT research, intelligence gathering, cryptography, and deception technologies. These days he’s working on spreading the risk, maturity, collaboration, and communication word across the industry.

Allan Alford

CISO, Podcaster, President

Allan alford consulting

With 20+ years in information security, Allan has served as CISO five times in four industries, with a strong history in technology, manufacturing, telecommunications, litigation, and education. Allan parlayed an IT career into a product security career and then ultimately fused the two disciplines. This unique background means that Allan approaches the CISO role with a highly business-aligned focus and an understanding of an organization's greater goals, drivers, methods, and practices.

Allan has led security functions in companies from 5 to 50,000 employees and executes a risk-based approach to security, as well as compliance with many frameworks. Allan hosts The Cyber Ranch Podcast.

Charisse Castagnoli

eCommerce, Cyber, Privacy Attorney

Ashley Chackman


Ashley is a driving force behind behavior change, occupying the role of lead for Security Training Awareness and Communication at Ciena. She spearheads the strategy and implementation of the global Security Awareness program. Drawing from her 10-year tenure in the technology and public sectors, Ashley has come to recognize the significance of helping people comprehend the “why” behind initiatives to inspire real change, rather than simply inundating them with technology or security tools. Presently, her focus lies in imparting advice and guidance to Human Risk leaders, equipping them with the skills to construct captivating communications using threat intelligence and emotion.

Sunette Runhaar

Insider Threat Awareness Program Lead


Sunette is an information security awareness specialist and is currently the Insider Threat Awareness Program Lead at Uber. Under her leadership, the program plays a key role in Uber’s security resilience strategy, helping employees to recognise and prevent potential insider threats through a robust education and awareness program.

Before Sunette joined Uber, she spent several years at Tesla as the Information Security Education and Awareness Lead, where she built the company’s first global data security awareness program from the ground up. Sunette holds a Master of Science degree in Biochemistry from the University of Stellenbosch in her home country of South Africa.

Kathryn Glynn

Sr. Information Security Awareness & Training Lead


Kathryn Glynn’s role at Kimberly-Clark is Sr. Information Security Awareness & Training Lead. Her undergrad is in Marketing and Information Technology and she holds a Masters Degree in Marketing. In her career she has held numerous positions that mix Marketing and IT together and for the past 7 years she has been in Information Security, specifically focusing on securing the human. In her role she helps team members to not fear cyber-attacks but to feel empowered knowing they have the right tools to fight against them. People are not the problem; they are the solution. Educated, empowered people are your company’s best defense. Kathryn is an expert in analyzing, designing, developing, and implementing adult learning curriculum in a variety of multimedia formats that encourage employee growth and retention.

Jenny Hedderman

Risk Counsel

Comptroller of the Commonwealth of Massachusetts

Jenny W. Hedderman Esq. is Risk Counsel from the Office of the Comptroller in Massachusetts. Attorney Hedderman specializes in compliance, internal controls and risk management in the areas of statewide accounting, payroll, financial reporting, and statewide financial audits for the 154 state agencies. Her current focus is developing the Comptroller’s Statewide Risk Management program, including cybersecurity, internal controls and cybersecurity awareness to reduce fraud and cyber incidents. Recent projects include the CTR Cyber Center website ( providing cybersecurity content, Cybersecurity Tips of the Week, CTR Cyber 5 (5 minute videos) and other internal controls to improve financial responsibility and protection of data, assets, and resources across the Commonwealth. Attorney Hedderman is Chair of the State Records Conservation Board. Secretary of the Essex Co-Operative Farming Association Board, as well as Adjunct Professor in Business Law at Endicott College.

Dustin Sachs, MBA, CISSP

Sr. Manager, Governance Risk and Compliance

World Fuel Services

As a dynamic Information Security and Risk Management Leader, he brings over 17 years of experience in managing cybersecurity projects and conducting incident response investigations. Throughout his career, he honed expertise in cybersecurity frameworks, threat detection, and risk management practices.

Currently pursuing his Doctoral degree at Colorado Technical University, his research focuses on cyber risk decision-making. His deep understanding of cybersecurity frameworks and compliance standards empowers him to apply principles of governance and compliance effectively to information security initiatives.

Rinki Sethi


Rinki Sethi is the current vice president and chief information security officer at BILL, where she leads global information technology functions. She is also responsible for leading efforts to protect BILL’s information and technology assets and advise the company’s continued innovations in the security space.

Sethi brings decades of security and technology leadership expertise, including her recent roles as VP and CISO at Twitter and Rubrik, Inc. She has been at the forefront of developing cutting-edge online security infrastructure at several Fortune 500 companies such as IBM, Palo Alto Networks, Intuit, eBay,, and PG&E. Sethi also serves on the board of ForgeRock, a global digital identity leader, and Data-In-Use Encryption leader Vaultree. She advises many other startups and VCs.

Nicole Thibault

Principal Security Awareness


Nicole Thibault began a career in Security Awareness in 2013. Starting from the ground up (in so many ways) she built the foundation of a Security Awareness program at a large heath care corporation. Now, ten years later in the tech industry, Nicole helps shift the mindset of employees and contractors to know security isn't something to be feared, and employees should turn to security for issues and concerns. Building a culture of personnel who report phishing emails and odd computer behavior is the starting point to employee empowerment.

Martijn Verbree

Lead Partner, Cyber Security

KPMG Australia

Martijn specializes in cyber security, digital technology, and risk management. He has more than 20 years' experience leading large-scale cyber and technology risk transformations across the globe in financial services, large dotcoms, and critical national infrastructure. He's experienced in cyber risk strategy, implementation, and incident response for boards and the C-suite.

While on a career break from KPMG, Martijn set up and ran the European business for an Australian tech startup in London. During this time, Martijn gained hands-on experience in agile working, fast-paced digital transformation, and DevOps.

In January 2022, Martijn joined KPMG Australia. Previously, he was a partner in KPMG's London office, where he led the cyber security business for their largest corporate clients.

Living Security’s mission is to help prevent cybersecurity breaches with a human risk management solution that does more than meet compliance needs, it also truly changes behavior.

© 2024 Living Security All rights reserved.