The human element in cyber resilience: Lessons from the intelligence community

Tuesday 18 March, 1:50 pm - 2:30 pm
Location
Fitzroy Room

Speakers

Dan Elliott

Head Of Cyber Resilience
Zurich Resilience Solutions Australia

Synopsis

While cyber threats grow in complexity, there is no shortage of attacks focused on exploiting human vulnerabilities - a gap in many organisations’ cyber defences.

This session combines proven techniques from counterintelligence and human risk management to offer cyber security and risk leaders actionable ways to bolster resilience against human-centric cyber threats. Drawing on the speaker's over a decade of experience as an Intelligence Officer and specialised training in influence and human source handling, the session will help attendees understand how threat actors use social engineering, insider manipulation, and pretexting to exploit organisational weak points and how intelligence-based strategies can turn these vulnerabilities into sources of resilience.

Key focuses for this talk will include:

- Identifying psychological vulnerabilities.

Just as intelligence operations begin by understanding target psychology, we’ll discuss how to assess and anticipate areas where your workforce may be vulnerable to cyber manipulation. This involves practical steps to identify potential gaps in security awareness, employee sentiment, and communication patterns, creating a foundation for effective defence.

- Building resilience through cultural shift.

Cyber resilience isn’t just about stopping threats; it’s about embedding a culture that anticipates them and responds quickly when the worst day does come. Using lessons from counterintelligence, I’ll demonstrate strategies for reshaping corporate culture to foster vigilance and secure behaviours, from the C-suite down to the frontline. By embedding these behaviours, leaders can develop a proactive culture that reduces susceptibility to social engineering and insider threats.

- Operationalising insider threat programs.

We have seen that insider risks are often overlooked or addressed reactively. This segment provides an intelligence-informed framework for setting up active insider threat processes, empowering leaders to flag and respond to potential risks before they evolve into security incidents.

Who should attend?

This session is geared toward cyber security leaders and risk professionals. They will be presented with tactics to identify and manage human-centric risks, transforming employees from potential vulnerabilities into cyber champions and key defenders of the organisation's assets.
