[RSAC 2023] Human emotion should be at the core of cybersecurity training

[RSAC 2023] Human emotion should be at the core of cybersecurity training
Lisa Plaggemier, the executive director of National Cybersecurity Alliance, is delivering her speech on cybersecurity training during a track session at the RSA Conference on April 25. Photo by Kuksung Nam, The Readable

By Kuksung Nam, The Readable
Apr. 25, 2023 8:15PM GMT-7

RSA Conference 2023 ― San Francisco ― Cybersecurity training needs to focus on human emotion as an essential element in making a visible change in people’s behaviors, according to a pioneer in security awareness and education on Tuesday.

Lisa Plaggemier, the executive director of the National Cybersecurity Alliance (NCA), a non-profit organization whose mission is to make cybersecurity more assessable to all parties, asserted that cybersecurity training should leverage human emotion and make connections with the people on the other side of the screen.

In the words of the expert, current cybersecurity training is going through an “epidemic of boringness.” Because the people administering the training are so focused on delivering the content thoroughly, they often miss out on making a human connection and fail to impact the actual security behaviors.

According to a report issued by the cybersecurity company Tessian last year, 72% of the respondents said that cybersecurity training was not engaging, and only 36% of them answered that they paid full attention during such sessions. This survey collected the opinions of 500 security leaders and 2,000 working professionals from various fields in the United States and the United Kingdom.

The expert stressed the importance of human emotion, such as inspiration and curiosity. “Users who find training to be very interesting were 13 times more likely to make fundamental changes in the way they think about cybersecurity,” said the executive director of NCA, citing the research she had conducted before joining the NCA.

Jenny Brinkley, the director of Amazon Security, is delivering her speech on cybersecurity training during a track session at the RSA Conference on April 25. Photo by Kuksung Nam, The Readable

Alongside boredom, Jenny Brinkley, the director of Amazon Security, stated that cybersecurity training should be separated from fear. “You have to remove the fear,” said the director. “We are living in a time where optimism and hope is the way we are going to get forward.”

Furthermore, the experts shared several actionable steps that cybersecurity communities could take, such as brainstorming with staff (including the trendsetters in the office), starting with an affordable budget, and continuing the work even though there might be some who disagree with it.

“If you are doing really different and creative things, not everybody is going to like it,” said Plaggemier. “That’s often times a hint that you might actually get people’s attention and be successful.”

nam@thereable.co


Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.