How do we measure and manage the human element of cyber risk beyond technology and basic security training?
Welcome to Razorwire, where we uncover what really matters in cybersecurity. I’m James Rees and in this episode, talking about the world of human risk intelligence with Flavius Plesu, Founder and CEO of OutThink. We'll question whether staff really are the 'weakest link' and instead explore how understanding real human behaviour can turn your workforce into a formidable security asset.
For too long, information security has focused almost exclusively on technical controls, but sophisticated attacks today often exploit human decision-making more than any firewall. Flavius draws on his experience as a CISO and innovator, sharing first-hand insights into how organisations can predict, quantify and actively manage risk stemming from their staff. We discuss psychological profiling techniques that identify high-risk individuals, methods for engaging employees in security and balancing monitoring with trust when using behavioural analytics. If you want to future-proof your security posture, this episode is essential listening.
3 Key Talking Points:
- Why traditional security awareness strategies fall short - and what truly effective human risk management looks like: Learn why measuring click rates and running generic training programmes leaves you blind to real human risk, and discover how behavioural science and crowdsourced intelligence can finally give you the visibility and control you need.
- Real world examples of predicting and preventing insider threats - before damage is done: See exactly how banks and enterprises use psychographic segmentation and statistical models to identify risky patterns in their workforce, and understand the practical steps to transform your incident response from reactive to predictive.
- Navigating the ethical line: how to balance security monitoring with employee privacy and trust: Master the delicate balance between effective security monitoring and employee rights, learning how transparency-driven design and GDPR-compliant approaches can turn potential resistance into active security partnership across your organisation.
Ready to rethink the human side of cyber risk? Tune in to this Razorwire episode and sharpen your defences from the inside out.
On Moving Beyond Traditional Training:
"Something like 90% of users admitted to bypassing security controls… with full knowledge that they're introducing additional risk to the organisation. So the idea that training would be enough, just train them, they'll get it. It's a bit naive."
Flavius Plesu
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- The Evolution of Human Risk in Cybersecurity Learn how the industry's shift from purely technical controls to recognising human factors is reshaping security strategy and why this change is essential for modern organisations.
- Defining Human Risk Intelligence Understand what human risk intelligence actually means and discover how organisations can quantify and predict human behaviour to strengthen their cybersecurity posture.
- The Shortcomings of Traditional User Training Discover why legacy approaches like annual training and click-through tests fail to address real world human risk and what you should be doing instead.
- Accidental vs....
