@jerry I'd be pretty interested to know the directions and thoughts you have around behavioral economics/psychology & InfoSec.

I spend a lot of time thinking about the way folks act and think. Haven't had a lot of opportunity to put it into InfoSec (beyond working to sympathize and work with those who don't understand the insecurity of their work). Would definitely love to hear the discussion

@entreprelife certainly. I will tell you that my focus is more centered on IT, security people, and management, rather than end users. I’ve written a bit about it in the past: infosec.engineering/?s=Behavio

@jerry I'm interested in both. In the end, IT, Sec folks, and Management are all just different kinds of users. Trying their best and being manipulated and controlled by their subconscious influences as much as anyone else.

It's just their actions have a greater impact than most individuals, haha

@entreprelife exactly. The fact that we have so many breaches tells us a lot about people who design and run security programs. They are often unaware of risks because they are ignorant of various ways things can go wrong, or dramatically underestimate the likelihood or the impact of a compromise. All that seems obvious, but I am fascinated with why this is and how we improve the situation.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.