Whenever someone says humans are the weakest link in cybersecurity, besides educating through fear, they are crafting a narrative, creating a reality in people's heads, and making them feel helpless against cyber criminals.

My guest, Lianne Potter, feels utterly differently about how to educate people on cybersecurity. Instead of fear, she advocates for empowering them through trust, autonomy, and, above all things, reciprocity.

Lianne is a Cyber Anthropologist, Head of Security Operations at Asda, a published author, host of the Compromising Positions podcast, keynote speaker, and multi-award-winning cybersecurity specialist. She recently won Computing.com's Security Specialist of the Year award, and, in 2021, she was named one of the Security Leaders of the Year and Woman of the Year in the Enterprise category.

This conversation is yet another opportunity to discover the dedication, kindness, and thoughtfulness that brought Lianne all these well-deserved achievements.

Throughout our conversation, she brought her brilliant and unique vision of cybersecurity. We discussed cybersecurity's own microculture in the tech space, its rituals and habits, and how cybersecurity specialists can transform how they educate the people they serve.

Lianne proposed brilliant ideas like ritualizing protection, empowering people through trust and autonomy instead of micromanaging and fear, cultivating the' hero mentality, and more.

Episode highlights:

• The moment Lianne fell in love with cybersecurity (6:40)
• What makes cybersecurity's micro-culture so attractive (10:20)
• The 3 main traits of cybersecurity (14:30)
• Why reciprocity is crucial in cybersecurity (17:20)
• Why trust and autonomy are the biggest gifts cybersecurity can offer (20:00)
• Lianne’s experience with joining her first cybersecurity team (26:30)
• The importance of how we communicate things (37:10)
• Why educating through fear never works (42:00)

Resources Mentioned:

• Lianne on LinkedIn
• Lianne on Twitter / X
• The Compromising Positions podcast
• Lianne on Tom Eston’s Shared Security Podcast
• What is a Cyber Anthropologist? Lianne Potter on The Brainy Business Podcast
• Wearables, Shareables, Unbearables - The IoT and AI Tech Nobody Asked For but Cybercriminals Love!

Let's connect!

• Website
• LinkedIn
• Twitter

Joshua Corman is a security strategist, philosopher, and co-founder of I am The Cavalry, a collective of professionals from technology, law, and public policy who work to mitigate the impact software-enabled and always-connected devices have on public safety and human life.

We had a deeply moving conversation about Joshua's influential work in cybersecurity, the birth of I Am The Cavalry, and his experiences navigating tough life transitions.

Using his masterful ability to capture thoughts, feelings, and experiences, Joshua brings to life the essence of building genuine connections, fostering trust, and caring deeply for others - and the role these play in using cybersecurity for a worthy goal.

Episode Highlights:

• Joshua shares a valuable lesson a stranger taught him about empathy (3:10)
• About the feeling that gave birth to I Am The Cavalry (8:00)
• Why bother? Because we want to be safer sooner (15:40)
• There's nothing more intoxicating than having an impact, material progress, and tangible wins (22:40)
• What is the next wave of empathy in cybersecurity (28:20)
• You don't need to be famous to make the world better (36:40)

Resources Mentioned:

• I Am The Cavalry website
• I Am The Cavalry Twitter
• I Am The Cavalry - Hippocratic Oath for Connected Medical Devices
• Swimming with sharks - security in the Internet of Things: Joshua Corman at TEDx Naperville
• Jack Daniel's LinkedIn profile
• Beau Woods's website
• Claus Cramon Houmann's LinkedIn profile
• Cyber Summit 2020: Opening Remarks from Josh Corman
• 10 Years After…My Thoughts on Josh Corman's BSides Las Vegas 2023 Keynote
• Everclear - Heartspark Dollarsign
• BSides Las Vegas
• ShmooCon

Connect with Joshua:

• LinkedIn

Let's connect!

• Website
• LinkedIn
• Twitter

Javvad is a brilliant Security Awareness Advocate, Speaker, sharp industry commentator, and one of the most prolific bloggers in the community. His natural talent for making the cybersecurity industry's most technical and complicated matters easy to understand is a gift and an inspiration.

Join me as Javvad masterfully dissects the negativity and the rationalization bias, using brilliant analogies to explain the disconnect between cybersecurity specialists' expectations and people’s responses to digital challenges.

And, if you’re up for it, help us answer this question: how can we make cybersecurity fun for people?

PS: This is not my AI-generated voice, but rather my adapter-damaged one. I only noticed the terrible quality after the recording, so please bear with me - or just skip to Javvad's parts, which are flawless!

Episode Highlights:

• What we really need to be teaching people about cybersecurity (4:50)
• How to deal with the curse of knowledge (10:10)
• The best way to keep cybersecurity connected to people's realities (19:20)
• How to rebrand the cybersecurity team - and why we need this (24:10)
• The problem with rational thinking (28:30)
• Why cybersecurity is evolving beyond tech-focused conversations (38:50)

Resources:

• Book - Javvad Malik - 50 Ways To Survive & Thrive In Cybersecurity

Connect with Javvad:

• Website
• LinkedIn
• Twitter

Let's connect!

• Website
• LinkedIn
• Twitter

How many accounts on different websites do you have? 

Sharing our personal information online as a condition to access content has become a reflex. We hit the "I've read and agree to the terms and conditions" button without thinking about it. In fact, only a handful would notice if anything else is written in that box. 

Yet things are starting to change; those worried about data privacy aren't only hackers anymore. The wave of awareness that questions what companies do with the personal information we share with them has started spreading to every corner of the cybersphere.  

My guest, the brilliant and passionate Merry Marwig, is optimistic about the future of the data privacy landscape and believes it is already going through a positive transformation. 

Merry is a Volunteer Advisor at The Plunk Foundation, a Privacy Consultant at DataGrail, and, as you'll see throughout our conversation, overly excited about data privacy tech. 

Merry's thoughts on the evolution of data privacy programs stay firmly rooted in the reality of her research and data-driven approach, factors which also fuel the change seeping into people's perception over these issues, and the link between privacy and security. 

With Merry’s help, you’ll also understand the emotional toll privacy harms have on you, me, and everyone else, and how ethical use of consumers' information can actually boost a company's growth, plus much more.

Episode highlights:

• How privacy and security are different, but related (1:20)
• The emotional toll of privacy harms (6:50)
• Understanding how our data gets resold online (15:10)
• Why now is the right time to do the right thing about data privacy (17:20)
• How younger generations see data privacy (24:40)
• Why privacy is part of our culture (29:30)
• How our understanding of privacy is deepening (38:50)
• Why even marketers are moving to privacy (46:40)

Connect with Merry:

• LinkedIn

Let's connect!

• Website
• LinkedIn
• Twitter

If you boil cybersecurity down to its essence, you'll find a hacker doing their best to educate, communicate, and help people see the world the way they do: with curiosity and the innate desire to understand it and make it better. 

Yet what's the community reaction when a message fails to land as expected? It’s (still too) often victim-blaming, a sarcastic remark, or a vague piece of advice to do more of… something.

To our guest, Alyssa Miller, it all comes down to self-awareness and understanding that, frequently, impact is more important than intent. Being more aware of how and what we communicate may seem like a simple adjustment, but it is definitely the cornerstone of a more transparent, more thoughtful, and empathetic communication style in cybersecurity.    

As SVP and CISO, Alyssa is responsible for aligning strategic security initiatives with business line objectives to protect customers' data and privacy. She is also a lifelong hacker, RSA and TEDx speaker, and the Author of "Cybersecurity Career Guide," a book she wrote to address the disconnect between the perceived scarcity of specialists in cybersecurity and all those pounding on the door trying to figure out how to get into the industry. 

Throughout our conversation, you'll hear Alyssa's thoughts on the meaning of being a hacker, emotional intelligence, and self-awareness. She also talks about the importance of conferences in cybersecurity, why it is preferable to make friends instead of fans, her book, the lessons learned along the way, and much, much more. 

Listen to this episode to discover:

• When Alyssa started to see the world from an empathetic point of view (4:40)
• What changes she experienced and witnessed since the industry began discussing empathy (14:00)
• What (ethical) hackers actually do (18:50)
• Why it’s better to make friends than to make fans (24:20)
• What is a hacker? (31:30)
• How to get into cybersecurity (42:10)

Resources mentioned:

• Book: Alyssa Miller - Cybersecurity Career Guide
• IppSec - We think we know how to build differentiating skills in offsec
• Solving the Tech Skills Gap at Your Local Coffee Shop | Alyssa Miller | TEDxLSSC

I’ve had dozens of conversations exploring the need for empathy and compassion in cybersecurity, from supporting victims of cybercrime to acknowledging the data we protect are not numbers on a screen but real people’s experiences. 

Yet the transformation empathy is capable of goes way beyond cybersecurity. It seeps into the teams and companies we build, the relationships we influence through technology, it guides leadership, and so much more! 

That’s why I’m delighted to open Season 5 of Cyber Empathy with a trailblazer in the community, known for his generosity, empathy, and honesty. 

Vivek Ramachandran, Founder of SquareX, joins me to discuss the importance of optimism, perseverance, compassion, and vulnerability and their instrumental role in every aspect of his life. 

Discover how Vivek's commitment to accessible education and his genuine desire to help others have shaped his career and inspired the entire offensive security community (and continues to do so). 

Listen as Vivek recounts personal stories, including the astonishing support he received when transitioning a personal project into a full-time venture, and the profound impact of his empathetic approach on individuals and teams across the world.

This conversation sets the tone for this new season in which we’ll dive even deeper into the layers of our humanity and how they shape technology and the way we show up for ourselves and others.

Tune in to explore:

• Why people tend to give back when the opportunity arises (11:10)
• How to be kind, compassionate, and empathetic when it is challenging to be it (18:40)
• How to carve time for yourself when building a company and doing deep research in cybersecurity (25:00)
• How Vivek balances accountability, flexibility, and trust at SquareX (29:50)
• The role empathy plays in Vivek’s SquareX and other tech companies (37:50)

Connect with Vivek:

• LinkedIn
• Twitter
• SquareX's website

Let's connect!

• Website
• LinkedIn
• Twitter

The blame game is a strong reflex in cybersecurity for many people. Pointing fingers at the human error that caused the breach, complaining about the CEO who didn't invest enough resources or training in cybersecurity, and taking it out on the CISO are all common occurrences. And they don’t help anyone. 

Blaming harms everything that empathy in cybersecurity represents and works so hard to change in the industry: connection, trust, personal growth, and making meaningful progress.

But there’s hope! One of the most powerful solutions, actually born out of an empathetic approach to human connection: Nonviolent Communication. 

Today’s guest, Octavian Istrate, explains how this technique can end the blame game, change perspectives, and get people to open up. 

Octavian is a Certified Trainer with the US Center for Nonviolent Communication (CNVC) and a dedicated Association for Nonviolent Communication (ACNV) member. He discovered Nonviolent Communication in 2010, and 7 years into applying it to his personal life, he decided to share it with others through courses, workshops, and practice groups. In 2019, he became a Certified Trainer and turned his passion into a core part of his work. 

In this episode, we explore how Nonviolent Communication contributes to developing empathy in cybersecurity, what makes it a powerful tool for personal growth, and how it helps build healthier relationships. 

You'll hear Octavian's thoughts on emotional needs in the workplace, what drew him towards Nonviolent Communication, and how to use this approach to manage difficult situations. 

Additionally, Octavian talks about the changes he experienced as someone coming from a technical background, empathy blockers, and how he ended up becoming a change strategist. We even go through a real-life exercise on how to apply Nonviolent Communication!

Listen to this episode to learn:

• How Nonviolent Communication can remove blame from cybersecurity conversations and behaviors (4:10)
• What was going on in Octavian’s life when he learned about Nonviolent Communication (11:00)
• How to separate observation from judgment (14:20)
• What made Octavian decide to become a Nonviolent Communication trainer (28:00)
• A real-life exercise on Nonviolent Communication (37:50)
• How empathy blockers affect communication (48:20)

Resources from this episode:

• Book: Marshall B. Rosenberg - Nonviolent Communication: A Language of Life: Life-Changing Tools for Healthy Relationships (Nonviolent Communication Guides)
• Center for Nonviolent Communication's website
• Empathy Blockers

Connect with Octavian:

• Octavian’s website (Romanian)
• Octavian as a change strategist (Romanian)

Let's connect!

• Website
• LinkedIn
• Twitter