Rachel Tobac, SocialProof Security - A Cyber Hero by CaptainCyber
In two words, who are you?
I would say I am hacking people.
So what does this mean, hacking people?
Basically what I do is I use the human element of security and the vulnerabilities that we have in human beings, and I try and gain access to systems, data and money by going through the human element of security. I exploit human weakness.
How to address the human factor in cybersecurity?
I see it more like human beings. They're your first line of defense. If you can train them, if they understand what you do as attackers, they can think like an attacker and protect themselves, their company and their families. So I don't think of them as a weak link. I think of them as an important element of security. And actually that first barrier to entry.
What's the best way to engage people?
People don't learn when they're scared, they learn when they're interested and curious and excited. So it's much better to work with a reinforcement model rather than a punishment model. And so we have to help people understand it and continuously educate them in a fun, interesting, exciting way, not just a slap on the wrist when things go wrong.
What does diversity bring to cybersecurity?
Diversity is one of the most important things that we need to include within the cybersecurity framework because attackers are very diverse. So we need the defenders to be just as diverse.
People feel aware but also declare unhealthy practices. Why this?
It's their responsibility to make sure their employees understand it and that it makes sense to them.
And that means you have to come in and do that education in a fun, curious, insightful way that's exciting to them. And not just, "Hey, you're reusing passwords. That's bad. Hey, don't do this. Don't click that." People don't learn that way. They learn whenever they're having fun and they're trying it and they're thinking like an attacker.
How can we ensure the global citizen becomes a cyber hero?
I think a cyber hero is somebody who is able to understand the threats and report them. If you can do that, you can really save the people in your organization. They haven't learned that yet at the company and they click it. Well, if you already reported it and your I.T. team already blocked it, then you just saved your best friend. That's the very best thing that you could do to be a cyber hero. You have just saved all of your colleagues. So pretty much every holiday now is me sitting down with my family and friends and making sure they're safe.