Cyber Empathy

Whenever someone says humans are the weakest link in cybersecurity, besides educating through fear, they are crafting a narrative, creating a reality in people's heads, and making them feel helpless against cyber criminals.

My guest, Lianne Potter, feels utterly differently about how to educate people on cybersecurity. Instead of fear, she advocates for empowering them through trust, autonomy, and, above all things, reciprocity.

Lianne is a Cyber Anthropologist, Head of Security Operations at Asda, a published author, host of the Compromising Positions podcast, keynote speaker, and multi-award-winning cybersecurity specialist. She recently won Computing.com's Security Specialist of the Year award, and, in 2021, she was named one of the Security Leaders of the Year and Woman of the Year in the Enterprise category.

This conversation is yet another opportunity to discover the dedication, kindness, and thoughtfulness that brought Lianne all these well-deserved achievements.

Throughout our conversation, she brought her brilliant and unique vision of cybersecurity. We discussed cybersecurity's own microculture in the tech space, its rituals and habits, and how cybersecurity specialists can transform how they educate the people they serve.

Lianne proposed brilliant ideas like ritualizing protection, empowering people through trust and autonomy instead of micromanaging and fear, cultivating the' hero mentality, and more.

Episode highlights:

• The moment Lianne fell in love with cybersecurity (6:40)
• What makes cybersecurity's micro-culture so attractive (10:20)
• The 3 main traits of cybersecurity (14:30)
• Why reciprocity is crucial in cybersecurity (17:20)
• Why trust and autonomy are the biggest gifts cybersecurity can offer (20:00)
• Lianne’s experience with joining her first cybersecurity team (26:30)
• The importance of how we communicate things (37:10)
• Why educating through fear never works (42:00)

Resources Mentioned:

• Lianne on LinkedIn
• Lianne on Twitter / X
• The Compromising Positions podcast
• Lianne on Tom Eston’s Shared Security Podcast
• What is a Cyber Anthropologist? Lianne Potter on The Brainy Business Podcast
• Wearables, Shareables, Unbearables - The IoT and AI Tech Nobody Asked For but Cybercriminals Love!

Let's connect!

• Website
• LinkedIn
• Twitter

Joshua Corman is a security strategist, philosopher, and co-founder of I am The Cavalry, a collective of professionals from technology, law, and public policy who work to mitigate the impact software-enabled and always-connected devices have on public safety and human life.

We had a deeply moving conversation about Joshua's influential work in cybersecurity, the birth of I Am The Cavalry, and his experiences navigating tough life transitions.

Using his masterful ability to capture thoughts, feelings, and experiences, Joshua brings to life the essence of building genuine connections, fostering trust, and caring deeply for others - and the role these play in using cybersecurity for a worthy goal.

Episode Highlights:

• Joshua shares a valuable lesson a stranger taught him about empathy (3:10)
• About the feeling that gave birth to I Am The Cavalry (8:00)
• Why bother? Because we want to be safer sooner (15:40)
• There's nothing more intoxicating than having an impact, material progress, and tangible wins (22:40)
• What is the next wave of empathy in cybersecurity (28:20)
• You don't need to be famous to make the world better (36:40)

Resources Mentioned:

• I Am The Cavalry website
• I Am The Cavalry Twitter
• I Am The Cavalry - Hippocratic Oath for Connected Medical Devices
• Swimming with sharks - security in the Internet of Things: Joshua Corman at TEDx Naperville
• Jack Daniel's LinkedIn profile
• Beau Woods's website
• Claus Cramon Houmann's LinkedIn profile
• Cyber Summit 2020: Opening Remarks from Josh Corman
• 10 Years After…My Thoughts on Josh Corman's BSides Las Vegas 2023 Keynote
• Everclear - Heartspark Dollarsign
• BSides Las Vegas
• ShmooCon

Connect with Joshua:

• LinkedIn

Let's connect!

• Website
• LinkedIn
• Twitter

Javvad is a brilliant Security Awareness Advocate, Speaker, sharp industry commentator, and one of the most prolific bloggers in the community. His natural talent for making the cybersecurity industry's most technical and complicated matters easy to understand is a gift and an inspiration.

Join me as Javvad masterfully dissects the negativity and the rationalization bias, using brilliant analogies to explain the disconnect between cybersecurity specialists' expectations and people’s responses to digital challenges.

And, if you’re up for it, help us answer this question: how can we make cybersecurity fun for people?

PS: This is not my AI-generated voice, but rather my adapter-damaged one. I only noticed the terrible quality after the recording, so please bear with me - or just skip to Javvad's parts, which are flawless!

Episode Highlights:

• What we really need to be teaching people about cybersecurity (4:50)
• How to deal with the curse of knowledge (10:10)
• The best way to keep cybersecurity connected to people's realities (19:20)
• How to rebrand the cybersecurity team - and why we need this (24:10)
• The problem with rational thinking (28:30)
• Why cybersecurity is evolving beyond tech-focused conversations (38:50)

Resources:

• Book - Javvad Malik - 50 Ways To Survive & Thrive In Cybersecurity

Connect with Javvad:

• Website
• LinkedIn
• Twitter

Let's connect!

• Website
• LinkedIn
• Twitter

How many accounts on different websites do you have?

Sharing our personal information online as a condition to access content has become a reflex. We hit the "I've read and agree to the terms and conditions" button without thinking about it. In fact, only a handful would notice if anything else is written in that box.

Yet things are starting to change; those worried about data privacy aren't only hackers anymore. The wave of awareness that questions what companies do with the personal information we share with them has started spreading to every corner of the cybersphere.

My guest, the brilliant and passionate Merry Marwig, is optimistic about the future of the data privacy landscape and believes it is already going through a positive transformation.

Merry is a Volunteer Advisor at The Plunk Foundation, a Privacy Consultant at DataGrail, and, as you'll see throughout our conversation, overly excited about data privacy tech.

Merry's thoughts on the evolution of data privacy programs stay firmly rooted in the reality of her research and data-driven approach, factors which also fuel the change seeping into people's perception over these issues, and the link between privacy and security.

With Merry’s help, you’ll also understand the emotional toll privacy harms have on you, me, and everyone else, and how ethical use of consumers' information can actually boost a company's growth, plus much more.

Episode highlights:

• How privacy and security are different, but related (1:20)
• The emotional toll of privacy harms (6:50)
• Understanding how our data gets resold online (15:10)
• Why now is the right time to do the right thing about data privacy (17:20)
• How younger generations see data privacy (24:40)
• Why privacy is part of our culture (29:30)
• How our understanding of privacy is deepening (38:50)
• Why even marketers are moving to privacy (46:40)

Connect with Merry:

• LinkedIn

Let's connect!

• Website
• LinkedIn
• Twitter

If you boil cybersecurity down to its essence, you'll find a hacker doing their best to educate, communicate, and help people see the world the way they do: with curiosity and the innate desire to understand it and make it better.

Yet what's the community reaction when a message fails to land as expected? It’s (still too) often victim-blaming, a sarcastic remark, or a vague piece of advice to do more of… something.

To our guest, Alyssa Miller, it all comes down to self-awareness and understanding that, frequently, impact is more important than intent. Being more aware of how and what we communicate may seem like a simple adjustment, but it is definitely the cornerstone of a more transparent, more thoughtful, and empathetic communication style in cybersecurity.

As SVP and CISO, Alyssa is responsible for aligning strategic security initiatives with business line objectives to protect customers' data and privacy. She is also a lifelong hacker, RSA and TEDx speaker, and the Author of "Cybersecurity Career Guide," a book she wrote to address the disconnect between the perceived scarcity of specialists in cybersecurity and all those pounding on the door trying to figure out how to get into the industry.

Throughout our conversation, you'll hear Alyssa's thoughts on the meaning of being a hacker, emotional intelligence, and self-awareness. She also talks about the importance of conferences in cybersecurity, why it is preferable to make friends instead of fans, her book, the lessons learned along the way, and much, much more.

Listen to this episode to discover:

• When Alyssa started to see the world from an empathetic point of view (4:40)
• What changes she experienced and witnessed since the industry began discussing empathy (14:00)
• What (ethical) hackers actually do (18:50)
• Why it’s better to make friends than to make fans (24:20)
• What is a hacker? (31:30)
• How to get into cybersecurity (42:10)

Resources mentioned:

• Book: Alyssa Miller - Cybersecurity Career Guide
• IppSec - We think we know how to build differentiating skills in offsec
• Solving the Tech Skills Gap at Your Local Coffee Shop | Alyssa Miller | TEDxLSSC

I’ve had dozens of conversations exploring the need for empathy and compassion in cybersecurity, from supporting victims of cybercrime to acknowledging the data we protect are not numbers on a screen but real people’s experiences.

Yet the transformation empathy is capable of goes way beyond cybersecurity. It seeps into the teams and companies we build, the relationships we influence through technology, it guides leadership, and so much more!

That’s why I’m delighted to open Season 5 of Cyber Empathy with a trailblazer in the community, known for his generosity, empathy, and honesty.

Vivek Ramachandran, Founder of SquareX, joins me to discuss the importance of optimism, perseverance, compassion, and vulnerability and their instrumental role in every aspect of his life.

Discover how Vivek's commitment to accessible education and his genuine desire to help others have shaped his career and inspired the entire offensive security community (and continues to do so).

Listen as Vivek recounts personal stories, including the astonishing support he received when transitioning a personal project into a full-time venture, and the profound impact of his empathetic approach on individuals and teams across the world.

This conversation sets the tone for this new season in which we’ll dive even deeper into the layers of our humanity and how they shape technology and the way we show up for ourselves and others.

Tune in to explore:

• Why people tend to give back when the opportunity arises (11:10)
• How to be kind, compassionate, and empathetic when it is challenging to be it (18:40)
• How to carve time for yourself when building a company and doing deep research in cybersecurity (25:00)
• How Vivek balances accountability, flexibility, and trust at SquareX (29:50)
• The role empathy plays in Vivek’s SquareX and other tech companies (37:50)

Connect with Vivek:

• LinkedIn
• Twitter
• SquareX's website

Let's connect!

• Website
• LinkedIn
• Twitter

In an industry whose goal is to protect people, purely profit-driven marketing makes no sense - and certainly doesn’t work.

After over a decade of running digital marketing for high-growth B2B technology startups, my guest, Dani Woolf, realized marketing is wildly different in information security.

It took her four years after joining the cybersecurity industry in 2018 to create Audience 1st, a customer research agency built on four pillars:

• curiosity to truly understand audiences
• empathy to listen first and identify cybersecurity buyers' pain points
• dedication to provide insights that promote growth
• and honest connection to establish authentic relationships with buyers.

Dani Woolf continues to do meaningful work for people who care as the Creator and Host of the Audience 1st podcast and the WTF Did I Just Read? Tech Sales and Marketing Edition Podcast.

Throughout this conversation, Dani shares her thoughts on marketers' role in cybersecurity, her "mission before money” mindset, and why repetition and messaging consistency are crucial in this space.

You'll also hear why we need leaders who choose peaceful and kind ways of communicating and why Dani believes the creative tension between old-school and modern marketers in cybersecurity is a good thing.

Additionally, Dani explains how she uses honesty to get real, deep insights from tech and IT pros, why she doubles down on being pragmatic and practical, and more ways to create positive change.

Listen to this episode to learn:

• Why Dani advocates for slowing down and opening our hearts in cybersecurity (3:00)
• How to avoid leaving people out through black-and-white approaches in communication (7:50)
• Why having creative tension is a good thing (14:40)
• How marketers can make a meaningful contribution to cybersecurity (18:30)
• How to set expectations to have in-depth conversations with tech and security leaders (27:00)
• Why it’s crucial to connecting with audiences beyond data (34:00)
• Which benefits come from being pragmatic, practical, and prescriptive (41:20)

Resources from this episode:

• What vendor looks really good, but is it actually GREAT?
• Jason Vana's LinkedIn profile
• Everyone Hates Marketers
• Behind the mask: Managing high-functioning anxiety
• Your audience insights = Your foundation
• The biggest problems in the cybersecurity industry
• Dani's post about her interview at Cyber Empathy
• Marketers can learn a great deal from security researchers
• Here's how I flipped from reactive to proactive as a marketer in my 14+ years in B2B
• How to build authentic relationships in cybersecurity to scale growth
• Vulnerability management in cybersecurity
• Peep Laja's website
• the Jobs to be Done framework

Connect with Dani:

• Website
• LinkedIn
• Twitter

Let's connect!

• Website
• LinkedIn
• Twitter

The blame game is a strong reflex in cybersecurity for many people. Pointing fingers at the human error that caused the breach, complaining about the CEO who didn't invest enough resources or training in cybersecurity, and taking it out on the CISO are all common occurrences. And they don’t help anyone.

Blaming harms everything that empathy in cybersecurity represents and works so hard to change in the industry: connection, trust, personal growth, and making meaningful progress.

But there’s hope! One of the most powerful solutions, actually born out of an empathetic approach to human connection: Nonviolent Communication.

Today’s guest, Octavian Istrate, explains how this technique can end the blame game, change perspectives, and get people to open up.

Octavian is a Certified Trainer with the US Center for Nonviolent Communication (CNVC) and a dedicated Association for Nonviolent Communication (ACNV) member. He discovered Nonviolent Communication in 2010, and 7 years into applying it to his personal life, he decided to share it with others through courses, workshops, and practice groups. In 2019, he became a Certified Trainer and turned his passion into a core part of his work.

In this episode, we explore how Nonviolent Communication contributes to developing empathy in cybersecurity, what makes it a powerful tool for personal growth, and how it helps build healthier relationships.

You'll hear Octavian's thoughts on emotional needs in the workplace, what drew him towards Nonviolent Communication, and how to use this approach to manage difficult situations.

Additionally, Octavian talks about the changes he experienced as someone coming from a technical background, empathy blockers, and how he ended up becoming a change strategist. We even go through a real-life exercise on how to apply Nonviolent Communication!

Listen to this episode to learn:

• How Nonviolent Communication can remove blame from cybersecurity conversations and behaviors (4:10)
• What was going on in Octavian’s life when he learned about Nonviolent Communication (11:00)
• How to separate observation from judgment (14:20)
• What made Octavian decide to become a Nonviolent Communication trainer (28:00)
• A real-life exercise on Nonviolent Communication (37:50)
• How empathy blockers affect communication (48:20)

Resources from this episode:

• Book: Marshall B. Rosenberg - Nonviolent Communication: A Language of Life: Life-Changing Tools for Healthy Relationships (Nonviolent Communication Guides)
• Center for Nonviolent Communication's website
• Empathy Blockers

Connect with Octavian:

• Octavian’s website (Romanian)
• Octavian as a change strategist (Romanian)

Let's connect!

• Website
• LinkedIn
• Twitter

Cybersecurity has a human heartbeat.

The variety of backgrounds that people in this space have enriches an industry that is day by day more interested in its human side. Different experiences bring new perspectives and ways of doing things to a community that craves human connection.

Our guest, the extraordinary Maril Vernon, is the perfect example. Coming from the social media marketing space, Maril took the cybersecurity industry by storm, becoming the 2023 Cybersecurity Woman Hacker of the Year, claiming the 2023 CyberJustu Pentest Ninja Award, and being recognized as one of the Top 10 Women Influencing Cyber by CyberSHEcurity.

Maril is the Senior Application Security Architect at Aquia Inc., Contributing Writer at CSO Online, COO at Teach Kids Tech, Co-host and Co-founder of The Cyber Queens Podcast, Purple Team Program Manager, and a 24/7 advocate for amplifying female and LGBTQ diversity in cybersecurity.

Throughout our conversation, Maril shares her thoughts on creating space for recognizing emotions in the workplace, how she sees and experiences empathy in cybersecurity, and the positive impact of her social media marketing background on her development as a hacker. Maril also talks about remote work cultures and human connection, generational differences, self-care, her commitment to increasing equality and diversity in cybersecurity, and more.

Listen to this episode to learn:

• How Maril sees the importance of empathy in cybersecurity (3:10)
• Why there’s rising interest in the human side of cybersecurity (7:50)
• How inclusive the industry really is (18:00)
• Why Maril decided to start The Cyber Queens Podcast (26:00)
• How different backgrounds enrich the cybersecurity industry (34:50)
• How radical acceptance can be a life-changing hack (41:50)

Resources from this episode:

• The Cyber Queens Podcast
• Maril's Bio
• Hacker Valley Media - Unleashing the Power of Cybersecurity Purple Teams with Maril Vernon
• The Cyber Guild - Spotlight on Maril Vernon
• Maril on Twitter - What Makes Hacking Ethical or Unethical?
• Phillip Wiley
• Tracy Z. Maleeff (InfosecSherpa) on CyberEmpathy
• Lesley Carhart (hacks4pancakes)

Connect with Maril:

• LinkedIn
• Twitter

Let's connect!

• Website
• LinkedIn
• Twitter

A̶l̶m̶o̶s̶t̶ every route in cybersecurity lands on empathy. Despite its ultimate goal of protecting data, information security remains a people-focused discipline, with paths that lead to it as varied as they come.

Yet the magic happens when hackers with the most unconventional backgrounds use their hacking skills to break down things and reconnect them in surprising ways. My guest, Pete Herzog, a humble giant in the cybersecurity space, is the perfect example of this.

Pete is the Co-founder and Managing Director of ISECOM and the Co-founder of Urvin AI, Mewt, and Invisibles. On top of his immense contribution to cybersecurity, his diverse range of interests also materialized in a collection of fascinating neurohacking tools.

Join us for an exploration of the hacker mindset at the intersection of hacking, neuroscience, and music!

Pete's unconventional route to cybersecurity has a lot to teach us, as does his innate ability to combine multiple disciplines in remarkable ways. I talked to Pete about Hacker Highschool, the project he started to bring cybersecurity education to teenagers, the spark that lit the creation of neurohacking music and Invisibles, the Open Source Security Testing Methodology Manual (OSSTMM), his thoughts on trust, empathy in cybersecurity, and much more.

Tune into this episode to get:

• A glimpse into Pete's background and how his passion project - neurohacking music - started (4:00)
• Insight into Pete's "unconventional" background and how it molded his approach to cybersecurity (16:30)
• Why our difficult experiences are what (should) make us empathetic (23:30)
• Why Hackers Highschool is such an important project for this community (26:00)
• Pete’s thoughts on "zero trust" and the creation of the OSSTMM (31:10)

Resources from this episode:

• Pete's post on what's cybersecurity about
• Pete's tweet on being nice in cybersecurity
• Hacker Highschool
• Invisibles' website
• @GenXBanshee tweet on Pete's Invisibles neuro hacking music
• Neurohacking
• Xavi De La Iglesia
• Binaural Beats
• Transcranial direct-current stimulation
• OSSTMM (The Open Source Security Testing Methodology Manual)
• 2600.com

Connect with Pete:

• Website
• LinkedIn
• Twitter

Let's connect!

• Website
• LinkedIn
• Twitter