Cyber Empathy

How many accounts on different websites do you have?

Sharing our personal information online as a condition to access content has become a reflex. We hit the "I've read and agree to the terms and conditions" button without thinking about it. In fact, only a handful would notice if anything else is written in that box.

Yet things are starting to change; those worried about data privacy aren't only hackers anymore. The wave of awareness that questions what companies do with the personal information we share with them has started spreading to every corner of the cybersphere.

My guest, the brilliant and passionate Merry Marwig, is optimistic about the future of the data privacy landscape and believes it is already going through a positive transformation.

Merry is a Volunteer Advisor at The Plunk Foundation, a Privacy Consultant at DataGrail, and, as you'll see throughout our conversation, overly excited about data privacy tech.

Merry's thoughts on the evolution of data privacy programs stay firmly rooted in the reality of her research and data-driven approach, factors which also fuel the change seeping into people's perception over these issues, and the link between privacy and security.

With Merry’s help, you’ll also understand the emotional toll privacy harms have on you, me, and everyone else, and how ethical use of consumers' information can actually boost a company's growth, plus much more.

Episode highlights:

• How privacy and security are different, but related (1:20)
• The emotional toll of privacy harms (6:50)
• Understanding how our data gets resold online (15:10)
• Why now is the right time to do the right thing about data privacy (17:20)
• How younger generations see data privacy (24:40)
• Why privacy is part of our culture (29:30)
• How our understanding of privacy is deepening (38:50)
• Why even marketers are moving to privacy (46:40)

Connect with Merry:

• LinkedIn

Let's connect!

• Website
• LinkedIn
• Twitter

Javvad is a brilliant Security Awareness Advocate, Speaker, sharp industry commentator, and one of the most prolific bloggers in the community. His natural talent for making the cybersecurity industry's most technical and complicated matters easy to understand is a gift and an inspiration.

Join me as Javvad masterfully dissects the negativity and the rationalization bias, using brilliant analogies to explain the disconnect between cybersecurity specialists' expectations and people’s responses to digital challenges.

And, if you’re up for it, help us answer this question: how can we make cybersecurity fun for people?

PS: This is not my AI-generated voice, but rather my adapter-damaged one. I only noticed the terrible quality after the recording, so please bear with me - or just skip to Javvad's parts, which are flawless!

Episode Highlights:

• What we really need to be teaching people about cybersecurity (4:50)
• How to deal with the curse of knowledge (10:10)
• The best way to keep cybersecurity connected to people's realities (19:20)
• How to rebrand the cybersecurity team - and why we need this (24:10)
• The problem with rational thinking (28:30)
• Why cybersecurity is evolving beyond tech-focused conversations (38:50)

Resources:

• Book - Javvad Malik - 50 Ways To Survive & Thrive In Cybersecurity

Connect with Javvad:

• Website
• LinkedIn
• Twitter

Let's connect!

• Website
• LinkedIn
• Twitter

I’ve had dozens of conversations exploring the need for empathy and compassion in cybersecurity, from supporting victims of cybercrime to acknowledging the data we protect are not numbers on a screen but real people’s experiences.

Yet the transformation empathy is capable of goes way beyond cybersecurity. It seeps into the teams and companies we build, the relationships we influence through technology, it guides leadership, and so much more!

That’s why I’m delighted to open Season 5 of Cyber Empathy with a trailblazer in the community, known for his generosity, empathy, and honesty.

Vivek Ramachandran, Founder of SquareX, joins me to discuss the importance of optimism, perseverance, compassion, and vulnerability and their instrumental role in every aspect of his life.

Discover how Vivek's commitment to accessible education and his genuine desire to help others have shaped his career and inspired the entire offensive security community (and continues to do so).

Listen as Vivek recounts personal stories, including the astonishing support he received when transitioning a personal project into a full-time venture, and the profound impact of his empathetic approach on individuals and teams across the world.

This conversation sets the tone for this new season in which we’ll dive even deeper into the layers of our humanity and how they shape technology and the way we show up for ourselves and others.

Tune in to explore:

• Why people tend to give back when the opportunity arises (11:10)
• How to be kind, compassionate, and empathetic when it is challenging to be it (18:40)
• How to carve time for yourself when building a company and doing deep research in cybersecurity (25:00)
• How Vivek balances accountability, flexibility, and trust at SquareX (29:50)
• The role empathy plays in Vivek’s SquareX and other tech companies (37:50)

Connect with Vivek:

• LinkedIn
• Twitter
• SquareX's website

Let's connect!

• Website
• LinkedIn
• Twitter

Reality check: most cyberattacks and privacy infringements are not a result of sophisticated hacking done by malicious adversaries who want to hold your system hostage or steal all your data. They result from the victim falling into a criminal's trap by clicking on “interesting” malicious links or (re)using weak credentials all over their online accounts.

Most people who aren’t in tech won’t even know their device was attacked or their credentials stolen.

In fact, a majority of infringements on users' privacy and security are not noticeable at the moment they occur. You only perceive it later, when you get bombarded with unwanted emails, tracking-enabled newsletters, and targeted ads on your timeline, among others.

The good news is there are a few basic steps you can take to significantly bolster your security posture across all your devices and digital footprint.

If you are a business owner, this would substantially increase the protection of your business assets, including your clients’ valuable data. It’s also an opportunity to practice empathy towards those who are a critical part of your business. (We’ll show you how.)

Inspired by our experience in the field of cybersecurity, privacy, and the technology we use, we share some tips you can implement to increase your business’ safety.

In this episode, we break down common beliefs business owners have over the issues of privacy and cybersecurity. You’ll also learn how a password manager and two-factor authentication can reduce the risk of your accounts being illegally accessed. Additionally, we’ll explain why you should only collect the data you absolutely need from your clients.

In this episode, you will learn:

• Misconceptions many business owners have around privacy and cybersecurity (03:42)
• Three principles that will lead to a safer and more ethical behavior (08:55)
• Why you should get a password manager (13:16)
• The importance of two-factor authentication (15:01)
• Why you should avoid collecting more data than you need (24:21)

Resources:

• Fathom Analytics (Website analytics tool)
• Rose Wintle (Website)
• Authy (2-factor authentication tool)
• Easy Data Protection Guide
• No To Spy Pixels

Connect with Dave:

• Website
• LinkedIn
• Twitter

Connect with Andra:

• Website
• LinkedIn
• Twitter

Poor communication is a major roadblock in getting people to adopt cyber-safe habits. It also created a major disconnect between information security specialists and the people they serve.

For instance, threat-filled emails with a negative or sometimes threatening tone only confuse non-IT experts who need simple explanations and psychological safety to learn.

This makes empathy essential in the cybersecurity space because it’s a constant reminder that things which are quick and easy for technical specialists can be complex and unnecessary to people with a different background.

By revamping security training and communication, we can make people feel comfortable with digital security practices and appreciated for their continued efforts. This is the most effective way to encourage compliance with safety measures such as strong passwords and secure document handling.

Leading organizations and their leaders through this change takes a special kind of person.

Today, we're thrilled to welcome Ceri Jones, Head of Security Awareness & Community at Lego, to the podcast!

Ceri is a brilliant specialist who turns research from multiple fields into real-world tactics that build security-focused internal cultures. With over a decade of experience in people-focused security and awareness, Ceri is a true champion of positive security and language. She's a firm believer in fresh approaches to security awareness that “make security more approachable, conscious and considerate.“

Tune in to:

• discover why companies need to embrace positive language in their cybersecurity communications
• learn how heavy cognitive load affects people's response to security best practices, and
• get inspired by the positive changes happening in the exciting world of cybersecurity.

In this episode we cover:

• The power of positive language in cyber defense (05:09)
• A winning case of cyber-positivity straight from Ceri’s experience (12:35)
• The personal drive behind Ceri's journey in cybersecurity (18:07)
• The brain-drain effect on cyber safety measures (22:24)
• Positive changes shaping the future of cybersecurity (29:58)

Connect with Ceri:

• LinkedIn
• Twitter
• Medium

Let’s connect!

• Website
• LinkedIn
• Twitter