Now, more than ever, it is important for organizations to embrace a new approach to security awareness training. In this presentation, we present a new field of "Psychological Security" to update the way people are trained to recognize technological manipulation.
9. New Fields are often a Synthesis; combining 2 distinct knowledge domains.
Old Field + New Knowledge Insights = A New Synthetic Field
10. What are some of the latest psychological insights that could lead to a new field?
11. A brief listing of scientific phenomena.
Blindsight: The “unconscious” ability to see once a person becomes blind.
Serial Position Effect: The ability to only recall the first and last thing in a list of 4 or more items.
Fundamental Attribution Error: The inability to describe another’s behavior from one’s own personal characteristics.
McGurk Effect: When someone watches a dubbed video different from the voice, so that the audience makes up a new third understanding of the presentation.
Apophenia (Patternicity / Agenticity): The phenomenon of recognizing patterns in chaos or assumptions of patterns.
Template Matching Patterns: The foremost going theory that we only recognize patterns based upon inherited narratives or previous experience.
13. What if InfoSec solutions are training the wrong part of the brain?
14. Cognitive Security: CogSec
High Resolution work and training engaging the deals with increasing complexity and multiple variables.
This is where security professionals live and learn.
Example: This presentation.
15. PsySec
Focused on the ability for individuals to recognize and respond to security threats and manipulation.
16. An early PsySec Manifesto
1. Psychographics > Demographics
2. Culture eats compliance for breakfast.
3. Feedback, Feedback, Feedback
4. Security is too important to take seriously.
5. Stories Matter.
6. Brains are not computers.
7. Don’t make it easy a.k.a. Build games.
17. Psychographics. Training should be based upon your people’s interests, opinions, conceptual focus, and motivations.
*Not synonymous with Myers-Briggs, DISC, Strengthsfinder, or Enneagram.*
18. Culture. Training should be owned by all levels of the organization and unconscious for every member.
*Yes, this means security lives in the mission and vision of all organizational levels.*
19. Feedback. Training should include feedback and multiple, ongoing reinforcement.
*A greater distance between training and reinforcement diminishes the training’s effectiveness.*
20. Importance. Training should be self-aware, own its faults, and be disarming (non-punitive).
*Seriousness and fear-based training counteract effective training recognition.*
21. Stories. Training should be based upon narrative structures and mirror best practice content delivery.
*Think memes, YouTube, Netflix, and widely (not critic) acclaimed content. Also, think game-based narratives and stories like Candy Crush or Angry Birds.*
22. Brains. Training should be aimed to engage the subcognitive elements.
*Security folks see and experience the world differently; do not select or endorse training that is effective for you or that you prefer without larger considerations.*
23. Ease. Training should be challenging and aim at growth.
*All purpose of training is lost if it becomes a theatrical act by members if there is an experience discontinuity between professed importance and challenge.*
24. This is only the beginning. Will you build with us?
26. Contact Us
For more information, please contact us at: hello@hooksecurity.co
Or follow us on LinkedIn: https://www.linkedin.com/company/hooksecurity/