Rating: 5 out of 5 stars
5/5
Ebook101 pages1 hour
7 Rules to Influence Behaviour and Win at Cyber Security Awareness
By Chirag Joshi
Rating: 5 out of 5 stars
5/5
()
About this ebook
Cyber Security explained in non-cyber language.
Get ready to have everything you thought you knew about Cyber Security Awareness challenged.
Fight back against the scourge of scams, data breaches, and cyber crime by addressing the human factor.
Using humour, real-world anecdotes, and experiences, this book introduces seven simple rules to communicate cyber security concepts effectively and get the most value from your cyber awareness initiatives. Since one of the rules is "Don't Be Boring," this proven process is presented in an entertaining manner without relying on scary numbers, boring hoodie-wearing hacker pictures, or techie jargon!
Additionally, this book addresses the "What" and "Why" of cyber security awareness in layman's terms, homing in on the fundamental objective of cyber awareness—how to influence user behaviour and get people to integrate secure practices into their daily lives.It draws wisdom from several global bodies of knowledge in the technology domain and incorporates relevant teachings from outside the traditional cyber areas, such as behavioural psychology, neuroscience, and public health campaigns.
This book is for everyone, regardless of their prior cyber security experience. This includes cyber security and IT professionals, change managers, consultants, communication specialists, senior executives, as well as those new to the world of cyber security.
What Will This Book Do for You?
- If you're new to cyber security, it will help you understand and communicate the topic better. It will also give you a clear, jargon-free action plan and resources to jump start your own security awareness efforts.
- If you're an experienced cyber security professional, it will challenge your existing assumptions and provide a better way to increase the effectiveness of your cyber awareness programs.
- It will empower you to influence user behaviour and subsequently reduce cyber incidents caused by the human factor.
- It will enable you to avoid common mistakes that make cyber security awareness programs ineffective.
- It will help make you a more engaging leader and presenter.
- Most importantly, it won't waste your time with boring content (yes, that's one of the rules!).
About the Author:
Chirag's ambitious goal is simple - enable human progress through technology. To accomplish this, he wants to help build a world where there is trust in digital systems, protection against cyber threats and a safe environment online for communication, commerce and engagement. He is especially passionate about safety of children and vulnerable sections of society online. This goal has served as a driver that has led Chirag to become a sought-after public speaker and advocate at various industry-leading conferences and events. During the course of his career spanning over a decade in multiple countries, he has built, implemented and successfully managed cyber security, risk management and security awareness programs. The success of these programs were a result of unyielding focus on business priorities, pragmatic approach to cyber threats and most importantly, effective stakeholder engagement. As a leader holding senior positions in organizations, Chirag excels at the art of translating business and technical speak in a manner that optimizes value. Chirag's academic qualifications include Master's degree in Telecommunications Management and Bachelor's degree in Electronics and Telecommunications Engineering. He holds multiple certifications including Certified Information Security Manager, Certified Information Systems Auditor and Certified in Risk and Information Systems Control.
Author
Chirag Joshi
Chirag’s ambitious goal is simple—to enable human progress through technology. To accomplish this, he wants to help build a world where there is trust in digital systems, protection against cyber threats, and a safe environment online for communication, commerce, and engagement. He is especially passionate about the safety of children and vulnerable sections of society online. This goal has served as a motivation that has led Chirag to become a sought-after speaker and advocate at various industry-leading conferences and events across multiple countries. Chirag has extensive experience working directly with the C-suite executives to implement cyber security awareness training programs. During the course of his career spanning over a decade across multiple sectors, he has built, implemented, and successfully managed cyber security, risk management, and compliance programs. As a leader holding senior positions in organizations, Chirag excels at the art of translating business and technical speak in a manner that optimizes value. Chirag has also conducted several successful cyber training and awareness sessions for non-technical audiences in diverse industries such as finance, energy, healthcare, and higher education. Chirag’s academic qualifications include a master’s degree in telecommunications management and a bachelor’s degree in electronics and telecommunications. He holds multiple certifications, including Certified Information Security Manager, Certified Information Systems Auditor, and Certified in Risk and Information Systems Control.
Related to 7 Rules to Influence Behaviour and Win at Cyber Security Awareness
Related ebooks
The Language of Cybersecurity Cybersecurity Program Development for Business: The Essential Planning Guide Rating: 0 out of 5 stars0 ratings7 Rules To Become Exceptional At Cyber Security Rating: 5 out of 5 stars5/5Building a Life and Career in Security Rating: 5 out of 5 stars5/5Building an Effective Cybersecurity Program, 2nd Edition Rating: 0 out of 5 stars0 ratingsHow to Define and Build an Effective Cyber Threat Intelligence Capability Rating: 4 out of 5 stars4/5Build a Security Culture Rating: 0 out of 5 stars0 ratingsCybersecurity ABCs: Delivering awareness, behaviours and culture change Rating: 0 out of 5 stars0 ratingsInformation Security A Practical Guide: Bridging the gap between IT and management Rating: 5 out of 5 stars5/5Professional Penetration Testing: Volume 1: Creating and Learning in a Hacking Lab Rating: 4 out of 5 stars4/5Infosec Management Fundamentals Rating: 5 out of 5 stars5/5Beginner's Guide to Information Security Rating: 0 out of 5 stars0 ratingsTargeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware Rating: 5 out of 5 stars5/5Fundamentals of Information Security Rating: 0 out of 5 stars0 ratingsManaging Information Security Breaches: Studies from real life Rating: 0 out of 5 stars0 ratingsOnline Danger: How to Protect Yourself and Your Loved Ones from the Evil Side of the Internet Rating: 4 out of 5 stars4/5Cyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5Cyber Security: Essential principles to secure your organisation Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security Rating: 0 out of 5 stars0 ratingsLandscape of Cybersecurity Threats and Forensic Inquiry Rating: 0 out of 5 stars0 ratingsThe Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks Rating: 0 out of 5 stars0 ratingsCybersecurity: The Hacker Proof Guide To Cybersecurity, Internet Safety, Cybercrime, & Preventing Attacks Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Mindset: A Virtual and Transformational Thinking Mode Rating: 0 out of 5 stars0 ratingsThe Psychology of Information Security: Resolving conflicts between security compliance and human behaviour Rating: 5 out of 5 stars5/5NIST Cybersecurity Framework: A pocket guide Rating: 0 out of 5 stars0 ratingsBuilding an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats Rating: 0 out of 5 stars0 ratingsIntroduction to US Cybersecurity Careers Rating: 3 out of 5 stars3/5Security+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5
Internet & Web For You
Podcasting For Dummies Rating: 4 out of 5 stars4/5No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State Rating: 4 out of 5 stars4/5Get Rich or Lie Trying: Ambition and Deceit in the New Influencer Economy Rating: 0 out of 5 stars0 ratingsCoding For Dummies Rating: 5 out of 5 stars5/5Coding All-in-One For Dummies Rating: 4 out of 5 stars4/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5The Logo Brainstorm Book: A Comprehensive Guide for Exploring Design Directions Rating: 4 out of 5 stars4/5Grokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5How to Disappear and Live Off the Grid: A CIA Insider's Guide Rating: 0 out of 5 stars0 ratingsSocial Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5The Internet Is Not What You Think It Is: A History, a Philosophy, a Warning Rating: 4 out of 5 stars4/5Six Figure Blogging Blueprint Rating: 5 out of 5 stars5/5How To Start A Podcast Rating: 4 out of 5 stars4/5More Porn - Faster!: 50 Tips & Tools for Faster and More Efficient Porn Browsing Rating: 3 out of 5 stars3/5The Beginner's Affiliate Marketing Blueprint Rating: 4 out of 5 stars4/5How To Make Money Blogging: How I Replaced My Day-Job With My Blog and How You Can Start A Blog Today Rating: 4 out of 5 stars4/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Stop Asking Questions: How to Lead High-Impact Interviews and Learn Anything from Anyone Rating: 5 out of 5 stars5/5The Gothic Novel Collection Rating: 5 out of 5 stars5/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5How To Start A Profitable Authority Blog In Under One Hour Rating: 5 out of 5 stars5/5The $1,000,000 Web Designer Guide: A Practical Guide for Wealth and Freedom as an Online Freelancer Rating: 5 out of 5 stars5/5
Related podcast episodes
Is enhanced hardware security the answer to ransomware? [CyberWire-X] 100% found this document usefulcybersecurity maturity model certification (CMMC) (noun) [Word Notes] 0% found this document usefulBig breaches (and how to avoid them): with Neil Daswani 0% found this document usefulCybersecurity and Hacking with Kevin Mitnick 0% found this document usefulBonus: Afternoon Cyber Tea: IoT-Based Infrastructures 0% found this document usefulCybersecurity Trends and Practices 0% found this document usefulCyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd. 0% found this document usefulSocial Engineering works because we're human. 0% found this document usefulWhy container security is important - Part 1: Wes Widner joins me to discuss container security. 0% found this document usefulMITRE ATT&CK (noun) [Word Notes] 0% found this document usefulStorytelling and Cybersecurity Awareness 0% found this document usefulSecurity Trends in 2023 and Beyond 0% found this document useful
Related articles
“Vulnerability Hunters Tend To Be Cut From A Different Cloth. They Are Naturally In Quisitive” PC Pro MagazineArticle
“Vulnerability Hunters Tend To Be Cut From A Different Cloth. They Are Naturally In Quisitive”
Jan 6, 2022
7 min readHow to Protect Your Small Business Against a Cyber Attack EntrepreneurArticle
How to Protect Your Small Business Against a Cyber Attack
Feb 1, 2013
8 min readArtificial Intelligence: The Next Step for Cybersecurity Cannabis & Tech TodayArticle
Artificial Intelligence: The Next Step for Cybersecurity
Apr 1, 2019
3 min readEverything You May Have Wanted to Know About Ethical/Whitehat Hackers TechfastlyArticle
Everything You May Have Wanted to Know About Ethical/Whitehat Hackers
Oct 21, 2020
5 min readWhy Is Cybersecurity So Important? TechfastlyArticle
Why Is Cybersecurity So Important?
Oct 21, 2020
3 min readCyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL Inc.Article
Cyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL
Sep 21, 2016
Data breaches can have far-reaching repercussions; protecting against them is a companywide mandate
2 min readCybersecurity: It Might Be The Small Stuff That Gets You NZBusiness and ManagementArticle
Cybersecurity: It Might Be The Small Stuff That Gets You
Jan 16, 2020
2 min readAct, Don't React: A Leader's Guide to Cybersecurity Rotman ManagementArticle
Act, Don't React: A Leader's Guide to Cybersecurity
Sep 1, 2019
9 min readLook Internally For New Cyber Security Employees NZBusiness and ManagementArticle
Look Internally For New Cyber Security Employees
May 27, 2019
2 min readHacker Distributions Linux FormatArticle
Hacker Distributions
Nov 17, 2020
1 min readFor Cybersecurity Companies, It's Time to Shine EntrepreneurArticle
For Cybersecurity Companies, It's Time to Shine
Dec 1, 2015
2 min readCOVID-19 and Cybersecurity Beijing ReviewArticle
COVID-19 and Cybersecurity
Jun 4, 2020
4 min readVulnerability Assessments PC Pro MagazineArticle
Vulnerability Assessments
Jan 7, 2021
3 min readWhy Leaders Need To Take A Risk-based Approach To Data Security NZBusiness and ManagementArticle
Why Leaders Need To Take A Risk-based Approach To Data Security
Jul 21, 2021
5 min readCybersecurity Firm Fireeye Says Was Hacked By Nation State TechLife NewsArticle
Cybersecurity Firm Fireeye Says Was Hacked By Nation State
Dec 12, 2020
3 min readUnder Cyber Attack Owner DriverArticle
Under Cyber Attack
Apr 16, 2020
9 min readCyber Safe Facility ManagementArticle
Cyber Safe
Dec 23, 2018
4 min readWhat Should You Know About Cloud Security Solutions? HWM SingaporeArticle
What Should You Know About Cloud Security Solutions?
Apr 9, 2021
3 min readFive Lessons Of Cybersecurity The Public Sector Can Offer The European Business ReviewArticle
Five Lessons Of Cybersecurity The Public Sector Can Offer
Jun 1, 2022
15 min readStaying Safe In The Cloud NZBusiness and ManagementArticle
Staying Safe In The Cloud
Jul 22, 2019
4 min readHacker’s Manual Maximum PCArticle
Hacker’s Manual
Mar 2, 2021
1 min readKRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know MacWorldArticle
KRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know
Nov 29, 2017
5 min readEntrepreneur Inspires Youth To Follow Cybersecurity Career Path NZBusiness and ManagementArticle
Entrepreneur Inspires Youth To Follow Cybersecurity Career Path
Jul 21, 2021
1 min readTop Eight Cybersecurity Predictions For 2022-23 NZBusiness and ManagementArticle
Top Eight Cybersecurity Predictions For 2022-23
Jul 20, 2022
3 min readWeb App Security Linux FormatArticle
Web App Security
Jun 29, 2021
8 min readThe Weakest Link Facility ManagementArticle
The Weakest Link
Jun 24, 2018
7 min readBuilding a Cybersecurity Fence Residential Tech TodayArticle
Building a Cybersecurity Fence
Jan 30, 2019
4 min readA 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack NPRArticle
A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack
Apr 16, 2021
20 min read“Someone Who Under Takes A Ransomware Attack Isn’t A Hacker, They’re An Attacker” PC Pro MagazineArticle
“Someone Who Under Takes A Ransomware Attack Isn’t A Hacker, They’re An Attacker”
Aug 12, 2021
If you’ve ever attended an infosec or cybersecurity event, you will no doubt have noticed the preponderance of “Hacking is NOT a Crime” stickers. In 2018, some 500 such stickers were handed out at the DEF CON 26 event, the following year 5,000 were d
7 min readWhat If? RECOIL OFFGRIDArticle
What If?
Aug 10, 2021
16 min read
Reviews for 7 Rules to Influence Behaviour and Win at Cyber Security Awareness
Rating: 5 out of 5 stars
5/5
4 ratings1 review
- Rating: 5 out of 5 stars5/5Nice simple yet impactful approach to influence others to understand security
Book preview
7 Rules to Influence Behaviour and Win at Cyber Security Awareness - Chirag Joshi
For my father, Deepak, who made me the man I am today. For my wife, Urvi, without whose love and support this book wouldn’t be possible. For my mother, Hema, my brother, Sunny, and sister-in-law, Sharada, whose encouragement and enthusiasm keep me going. For my grandparents, whom I can never thank enough for everything they sacrificed for me.
––––––––
A special thanks to Dan Jones for his mentorship and to Paul De Araujo and Sameer Karamchandani for their friendship and support of this book.
Table of Contents
1. What Will This Book Do for You?
2. Introduction
3. Cyber Security and the Human Factor
4. Rule 1: Stop Relying on Bad News
5. Rule 2: Don’t Be Boring
6. Rule 3: Be SMART in Your Approach
7. Rule 4: One Size Barely Fits Anyone
8. Rule 5: Harness the Power of Allies
9. Rule 6: Be Persistent and Consistent
10. Rule 7: Get the Support of Senior Leadership
11. Coda
12. References and Additional Resources
13. About the Author
1 What Will This Book Do for You?
If you’re new to cyber security, it will help you understand and communicate the topic better. It will also give you a clear, jargon-free action plan and resources to jump-start your own security awareness efforts.
If you’re an experienced cyber security professional, it will challenge your existing assumptions and provide a better way to increase the effectiveness of your cyber awareness programs.
It will empower you to influence user behaviour and subsequently reduce cyber incidents caused by the human factor.
It will enable you to avoid common mistakes that make cyber security awareness programs ineffective.
It will help make you a more engaging leader and presenter.
Most importantly, it won’t waste your time with boring content (yes, that’s one of the rules!).
2 Introduction
I distinctly remember the scene like it happened yesterday, although it has been a few years now. I walked into a room full of mostly hard-nosed, seasoned, technical IT professionals where I was invited to speak on the importance of following good security processes and standards. I know the topic sounds boring—it is quite dry, and presenting it to a group of people who probably have heard it all before made it even more challenging. This was aggravated by the fact that technical IT people generally have a low opinion of management types in suits telling them how to do their jobs better. In their minds, they feel these people don’t have a true understanding of their roles and day-to-day challenges they face.
However, the good news for me is that I like tough environments. There are very few things that match the thrill that comes with winning over a difficult crowd through your public speaking and presentations. Also, I was determined to make my presentation useful to the audience, and thereby ensure the teachings from it had a higher likelihood of being applied.
Now, a lot of IT personnel are familiar with the negative connotations associated with use of the word cowboy
in their job’s context. This word implies a cavalier attitude towards following established standards and processes and bypassing them in order to get their jobs done faster. From personal experience working with numerous IT teams over the years, I know they don’t like this description of them. In their minds, they are doing the best they can under the circumstances, which can include aggressive and urgent timelines to deliver outcomes, often with limited resources.
To get attention and engagement from this tough crowd, I started my presentation with a real-life picture of me from Facebook wearing a cowboy hat, boots, and singing karaoke to Johnny Cash’s classics. Being an avid country music fan and a pretty good country dancer, if I do say so myself, I have lots of such stories and pictures. Starting my presentation with that image and implying, tongue in cheek, that I am one of the cowboys
got a lot of chuckles from the attendees and instantly eased the atmosphere in the room. I followed that up with my customary introductory slide that had my name and senior cyber security job title, accompanied by a lot of initials that indicate the various industry certifications I hold. I then made a comment with a slightly sarcastic smile on my face: Hope you understand that my title and all the initials following it just mean I’m a really smart guy.
The way I said it made the audience start laughing. They knew I wasn’t going to be just another cyber presenter in a suit and that I was willing to make light of all the assumed self-importance of senior leaders who think they are automatically owed respect due to their titles and qualifications. From there on, it was easy. I had the audience interested, engaged, and totally involved with my overall message on security processes and standards. In fact, I had several audience members walk up to me after the presentation to say how much they’d enjoyed the talk and discussed ways in which they’d apply the principles I shared. All said and done, I consider this presentation a success!
Now, this wasn’t the first time I had adopted a laid-back and humorous approach tailored for the audience in the room. All through my years doing public speaking and presentations on cyber security, I have used similar tailored approaches, be it presenting to a group of accountants in Colorado, USA or to a group of executives at a conference in Sydney, Australia.
At a high level, my approach to awareness is all about knowing what to communicate, how to communicate, who to communicate to, and when to communicate. Over my career, I’m fortunate to have had the opportunity to work with people in different countries with various backgrounds. Through my years of professional experience, public presentations, and learning from both successes and failures, I have perfected a process that works effectively for creating winning cyber security awareness programs.
Now let’s look at some points that make a strong case on the need for cyber security awareness. On a nearly daily basis, when you read news about cyber-attacks—causing millions of personal records to be leaked, businesses to suffer crippling damages to
Enjoying the preview?
Page 1 of 1