Living Security takes an intelligence-based approach to delivering security awareness training content at scale, anywhere from small business to Fortune 500. We help real people train for the next threat, not the last one. This is intelligence-driven security awareness which lends itself to accurately measuring human risk, today. So, how do we develop new training exercises as cyber threats continue to evolve and change?
Short-answer: by being observant storytellers. Our intelligence team uses automated open-source intelligence (OSINT) feeds to collect information on emerging threats, vulnerabilities and technologies. Then, we apply the appropriate content tags, analyze the information to produce intelligence, break the intelligence down into its constituent parts and develop a story.
Each one of our training exercises is a patchwork of intelligence stories woven together, influenced by each client's unique cultural fabric. Said another way, we turn tradecraft knowledge into the kind of story our audience will appreciate and understand. Intelligence drives everything we do.
Intelligence is a force multiplier. It makes everything around it better by reducing uncertainty in decision-making, contextualizing otherwise complex situations, de-emphasizing the noise, increasing clarity and so on. In this way, applied intelligence can plug into every output and outcome for our customers and provide best-in-class training.
By training for the next threat, not the last one, people begin to understand risk personally and corporately and are no longer perceived as weak links in the chain but a new sort of security perimeter (HUMINT). From a business sense, this reduces behavioral risk, eliminates blind-spots and influences culture change. Here are just a few examples of intelligence-driven content...
- Strava: A Curious Case for Security Awareness
- The GitHub Bug: A Near Miss
- IoT: When Smart Things are Dumb
- Landscape of Living Threats
- (Internet of) Stranger Things
- WiFi Security
Cyber Decision Intelligence
In the same vein, we use principles of decision intelligence to inform our content. Decision Intelligence is a burgeoning field, driven by Cassie Kozyrkov and Google at the helm, designed to use applied machine learning and statistics to help people make better decisions. The idea of making better decisions is not new. Everyone makes decisions, either explicitly or implicitly. But it is increasingly a topic of interest because of how many psychological and technological advances have been made in recent years and how those same advancements can improve human ability to improve outcomes.
For almost anyone willing to listen and learn, decisions can improve not only in type but in frequency. Even if outcomes do not happen as planned, good decisions increase the likelihood of them happening. Thinking drives action; secure thinking drives secure action.
As humans, we are always dealing with uncertainty, looking for evidence. Doing nothing isn’t an option. And decision intelligence and applied statistics help us to reason; not reason for us.
The intersection of psychology and security awareness is decision-making. Here, the security awareness professional, the CISO and the future-leader can learn how decision-making works, the context in which secure decisions are made and how better decisions influence positive behavior- and culture-change across the enterprise.
Parting wisdom? Remember that ‘secure’ is not a noun but a verb. ‘Secure’ is something we do - or more accurately - something we choose to do. Moving beyond behavior management in this way will win hearts and minds, as well as an appreciation for the security awareness team and beyond.
Sign Up To Receive Living Security’s Curated Content!
From the leading authority on game-based security training comes a series of publications for leaders in cyber security and security awareness to understand the value and ROI of implementing and experiencing a positive security culture.