Practical advice, expert perspectives, and applied guides on building security culture, managing human risk, and running effective Champions programmes.
This is Part 3 of a four-part series. Parts 1 and 2 established why people behave insecurely despite knowing better, and mapped the cognitive biases that attackers exploit. This article translates that understanding into practical intervention design using the EAST framework and choice architecture. Part 4 addresses measurement and programme maturity.
This is Part 2 of a four-part series. Part 1 introduced dual process theory and the knowledge-behaviour gap. This article maps specific cognitive biases to the attack techniques that exploit them, and examines how the same biases affect security professionals as well as the users they protect. Parts 3 and 4 cover intervention design and measurement.
This is Part 1 of a four-part series on behavioural science for cybersecurity practitioners. It introduces the foundational theory that explains why people behave insecurely despite knowing better, and why the security industry's default response has been so persistently ineffective. Parts 2, 3 and 4 cover cognitive biases, intervention design, and measurement, respectively.