OWASP Global AppSec US 2021
Attending this event?
Back To Schedule
Thursday, November 11 • 11:00am - 12:00pm
How to build a security mindset

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Our security knowledge increases, our tools improve, but breaches still happen.

Studies show that 95% of security breaches are caused by human errors. One strategy to eliminate them might be to automate everything―to use smart technologies. But full automation remains an unrealized desideratum.

Another strategy is to build a security mindset. And here we have a challenge: how do we encourage people to do something that requires effort, that demands a change in behavior?

Recently, I participated in several activities through which I learned about the Maori way of educating people and managing change through storytelling and mutual teaching. It inspired in me the idea that this approach could be effective for educating people about security.

I lead cyber security work at a small company that is rapidly scaling and must significantly improve its security practices. Policies, guides, and traditional learning approaches haven’t changed behaviors by much, and awareness fades quickly after a course or a conversation.

I decided to test a new approach by using insights from the Maori culture of New Zealand to help to change the employees’ security mindset.

Here I share what I did and how it worked out. With these same practices, you may be able to achieve similar positive changes in your own workplace.

avatar for Anna Lezhikova

Anna Lezhikova

Anna is a Lead DevSecOps engineer from Wellington, New Zealand. She worked with a wide range of technologies in various big and small companies and found that the key factor in everything was humans, not machines. In free time she raises kids, plants and communities.

Thursday November 11, 2021 11:00am - 12:00pm PST
Feedback form isn't open yet.

Attendees (3)