Sarah Aalborg on Secure by Choice

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/c7/f3/ca/c7f3ca3d-48d2-4b36-27de-1f6f1cfdf174/mza_1544507604479344495.jpg/600x600bb.jpg

The Human Risk Podcast

Human Risk

335 episodes

1 week ago

People are often described as the largest asset in most organisations. They are also the biggest single cause of risk. This podcast explores the topic of 'human risk', or "the risk of people doing things they shouldn't or not doing things they should", and examines how behavioural science can help us mitigate it. It also looks at 'human reward', or "how to get the most out of people". When we manage human risk, we often stifle human reward. Equally, when we unleash human reward, we often inadvertently increase human risk.

Social Sciences

Science

RSS

All content for The Human Risk Podcast is the property of Human Risk and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Social Sciences

Science

https://d3wo5wojvuv7l.cloudfront.net/t_rss_itunes_square_1400/images.spreaker.com/original/e57d35b025802277b1ed19e88c2ceb59.jpg

Sarah Aalborg on Secure by Choice

The Human Risk Podcast

1 hour 4 minutes

1 month ago

Sarah Aalborg on Secure by Choice

What do people have to do with cybersecurity? A lot. As with other fields of human risk, it’s people that are typically the root cause of problems in the cybersecurity world. Which is where my guest’s expertise in behavioural design comes into play.

On this episode, I’m speaking with Sarah Aalborg, a cybersecurity and behavioural design expert who’s on a mission to change how organisations approach IT security.

Rather than focusing on firewalls and tech solutions, Sarah examines the human behaviours that can undermine even the best-designed security systems.

Her new book, Secure by Choice, challenges conventional security thinking by exploring how cognitive biases affect security professionals and how to use behavioural design to reshape security culture.

We discuss the pitfalls of traditional security training – particularly those phishing tests that feel more like traps than training – and how to flip the script by focusing on what we want people to do rather than what we want them to avoid.

Sarah shares practical strategies for using positive reinforcement, creating engaging training experiences, and making security less about fear and more about action.

By applying principles of behavioural science and risk-based thinking, Sarah explains how we can bridge the gap between security policies and everyday human behaviour.

Guest Biography
Sarah Aalborg is a cybersecurity expert and behavioural design advocate, focusing on how cognitive biases impact IT security professionals and their decision-making processes.

She is the author of Secure by Choice, a book that challenges conventional approaches to cybersecurity training by applying principles of behavioural science to security culture.

With a background in IT security spanning over two decades, Sarah speaks at major security events and consults with organisations on how to create more effective, engaging, and human-centric security programs.

AI-Generated Timestamped Summary
[00:00:00] Introduction

[00:01:00] Meet Sarah Aalborg – Why she wrote Secure by Choice and her journey into behavioural design.

[00:03:00] The '20-centimetre above the keyboard' exercise – How human inaction impacts tech security.

[00:05:00] Why phishing tests feel like entrapment – and how to flip the script.

[00:08:00] Turning phishing tests into positive reinforcement opportunities.

[00:10:00] How a simple 'Report Suspicious Email' button can change behaviours.

[00:12:00] The problem with fear-based messaging in cybersecurity.

[00:14:00] Why telling people what NOT to do isn’t effective.

[00:15:00] Sarah’s four-step framework for creating risk-aware security cultures.

[00:17:00] Why most security training is designed to address the wrong problem.

[00:20:00] The McDonald's kiosk example – What we can learn from other industries.

[00:25:00] The importance of actionable examples in security training.

[00:30:00] The generative AI paradox – When tech meets human bias.

[00:35:00] Why AI is the ultimate behavioural science challenge.

[00:40:00] The 'Operating System' analogy – Why the human brain is still running Stone Age software.

[00:50:00] Why cyber professionals need to look outside their own industry for inspiration.

[00:55:00] The role of curiosity and exploration in designing effective security programs.

Links:Sarah’s website: https://securebychoice.com/
Sarah on LinkedIn: Back to Episodes