Three decades. Billions of dollars in security investment. And the human element still sits behind 68% to 72% of all breaches. If that statistic does not make you uncomfortable, you have probably been in this industry long enough to have accepted it as inevitable. Masha Sedova has not accepted it, and this episode is the result of a career spent refusing to.
Masha co-founded Elevate Security, built it into the leading human risk management platform in the space, and watched it get acquired by Mimecast - where she now leads human risk strategy and product across a portfolio that combines email security, DLP, collaboration security, and behavioral risk intelligence under one roof. She is one of the most rigorous thinkers working at the intersection of people and security, and this conversation left me genuinely rattled in the best possible way.
We talk about what human risk management actually is and why calling it a rebrand of security awareness is a disservice to both categories.
We get into the 8/80 rule - the finding that 8% of your workforce is responsible for 80% of your incidents - and what it means for how security budgets should actually be allocated.
We cover the four personas framework, the open ecosystem bet, the board conversation, and the cultural debt that the phrase 'humans are the weakest link' has accumulated over thirty years.
I push back where I think the industry has not fully reckoned with what it is building, and Masha pushes right back.
If you work in cybersecurity in any capacity - whether you are a CISO, a founder, an investor, or a marketer trying to understand what your buyers actually care about - this episode will change how you think about the human element problem.
Listen and enjoy.
A special thanks to our friends at Mimecast for partnering with us to tell this story.