Recordings from the 2023 Human Risk Management Conference

Each year, HRMCon brings together cybersecurity thought leaders and practitioners to present a half-day virtual conference geared toward continuously evolving the power of behavior change in mitigating risks.

Welcome to HRMCon 2023

Ashley Rose, Living Security CEO and Cofounder, opens the event by highlighting the importance of addressing human risk in the digital era and the benefits and risks brought by technological advancements such as A.I. Human judgment and behavior are the weakest link in security, so it’s critical to invest in a comprehensive human risk program, integrate cybersecurity into organizational culture, and promote accountability and shared responsibility. Welcome to HRMCon 2023.

It’s All Going To End In Tears…

Chris Roberts on A.I.: When we build A.I. systems in a managed, controlled, restricted environment, they occasionally work as we want; they can hunt for the needle in the haystack faster, more efficiently, and more effectively than we’ve ever been able to. But now we’ve let an ungated intelligence loose on the mass population with no instructions, controls, or safety in place. Let’s talk about what we CAN do to help humanity, what we SHOULD talk with our folks about, and what TO do when it all goes pear-shaped.

Basement Trolls or Helpful Heroes? Improving the Image of Your Awareness Team

Is your security team seen as a group of trolls in the basement, unapproachable and unhelpful? It's time to change that perception. Sunette Runhaar, Insider Threat Awareness Lead at Uber, explores the often-overlooked topic of employee experience in security awareness programs. She delves into how internal processes can either help or hinder an organization's security culture, and shares insights on how to build trust between the security team and the workforce. Download the slides for this session here.

Humanizing Cybersecurity: The Role of Emotion in Driving Change

Ashley Chackman, Cybersecurity Specialist with Ciena, and doctoral candidate and cybersecurity expert Dustin S. Sachs share how cognitive bias, emotion, user experience, and behavioral science can drive real cybersecurity change in your teams. You'll leave with practical tactics to immediately put to work in your own cybersecurity practices.

Build an Awareness Team without Spending a Dime

Twice, Kathryn Glynn has created sustainable, 25-person Ambassador programs for zero dollars by tapping into the passion and skills of team members outside of the cybersecurity team. By giving team members the opportunity to contribute to the security of the company, they'll feel more invested in its success and more connected to the cybersecurity team. Download the slides for this session here. 

From Revolutionary to Routine: Building a Business Case for Cybersecurity Innovation

All cybersecurity technology was a ground-breaking innovation at one point: DLP, IPS, IDS, 2FA. How did cybersecurity professionals make the case for new technology in the past, and what can we learn from it? Hear how Rinki Sethi, CISO for bill.com, and Martijn Verbree, National Cyber Lead at KPMG Australia, have successfully convinced CISOs to adopt new technology and innovative solutions in the past, and how it informs innovation now.

Phishing Simulations On Trial: Necessary Training or Workplace Harassment?

Join us for the cybersecurity mock trial of the year, where we shine a spotlight on the age-old debate on whether phishing simulations are an effective tool for improving cybersecurity or if they do more harm than good. Our courtroom drama features a heated debate between plaintiff Charisse Castagnoli and defendant Jenny Hedderman, with Allan Alford as the judge presiding over the case, and Nicole Thibault as expert witness. Our judge listens to both sides of the argument and the jury makes the final decision.

HRMCon 2023 Closing Remarks

Summer Craze Fowler, Senior Vice President, Cyber Security & IT for Motional, sums up the conference. "We're focused on human risk management, but it's really not even just the risk management portion, but it's also the human management portion," said Summer. She highlights the valuable discussions on humanizing cybersecurity and empowering employees to become more aware of cybersecurity threats.

HRMCon 2023: Speakers

Drew Rose

Co-Founder and CSO

Living Security

With a Bachelor of Science in Cybersecurity and a CISSP, Drew has a passion for building security programs and reducing risk. He's worked with institutions in the government, private and public sectors. His specialty lies in understanding human behaviors and how emotions impact everyday decisions, and he uses this knowledge to help organizations craft security awareness programs with impact. Having spent 8 years in the military, Drew is a patriot and loves exploring his new home in Austin, Texas. He's also the creative mind behind many of the puzzles, games, and content for Living Security.

Ashley Rose

Co-Founder and CEO

Living Security

As the CEO and Co-founder of Living Security, Ashley Rose is the driving force behind Living Security’s push to lead the Human Risk Management industry. She has successfully raised more than $25 million in funding to scale the business, pivoted the company from solely in-person training to a fully digital platform, and has led the company to be named an industry leader in the Forrester Wave. She co-founded Living Security based on the philosophy that empowering people is the best approach to lasting security behavior changes and breach prevention. She is an industry thought leader, sharing her unique perspective on the evolution of cybersecurity with various publications including Forbes, TechRepublic, Darkreading, Security Magazine, CyberWire, and Cybersecurity Ventures.

Chris Roberts, a.k.a. Dr. Dark Web

CISO

Boom Supersonic

Chris is considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. He’s the CISO for Boom Supersonic and works as an advisor for several entities worldwide. His most recent projects are focused within the aerospace, deception, identity, cryptography, Artificial Intelligence, and services sectors. Since the late 90s, Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against various types of attack. Over the years, he’s founded or worked with several folks specializing in OSINT/SIGINT/HUMINT research, intelligence gathering, cryptography, and deception technologies. These days he’s working on spreading the risk, maturity, collaboration, and communication word across the industry.

Allan Alford

CISO, Podcaster, President

Allan Alford Consulting

With 20+ years in information security, Allan has served as CISO five times in four industries, with a strong history in technology, manufacturing, telecommunications, litigation, and education. Allan parlayed an IT career into a product security career and then ultimately fused the two disciplines. This unique background means that Allan approaches the CISO role with a highly business-aligned focus and an understanding of an organization's greater goals, drivers, methods, and practices.

Allan has led security functions in companies from 5 to 50,000 employees and executes a risk-based approach to security, as well as compliance with many frameworks. Allan hosts The Cyber Ranch Podcast.

Charisse Castagnoli

eCommerce, Cyber, Privacy Attorney

Ashley Chackman

Ciena

Ashley is a driving force behind behavior change, occupying the role of lead for Security Training Awareness and Communication at Ciena. She spearheads the strategy and implementation of the global Security Awareness program. Drawing from her 10-year tenure in the technology and public sectors, Ashley has come to recognize the significance of helping people comprehend the “why” behind initiatives to inspire real change, rather than simply inundating them with technology or security tools. Presently, her focus lies in imparting advice and guidance to Human Risk leaders, equipping them with the skills to construct captivating communications using threat intelligence and emotion.

Summer Craze Fowler

Senior Vice President, Cyber Security & IT

Motional

Summer Craze Fowler is a seasoned C-Suite executive with over 20 years of experience in cyber security and risk management. She is adept at developing technical strategies and leading teams to achieve aggressive goals while also in hyper-growth mode.

Kathryn Glynn

Sr. Information Security Awareness & Training Lead

Kimberly-Clark

Kathryn Glynn’s role at Kimberly-Clark is Sr. Information Security Awareness & Training Lead. Her undergraduate degree is in Marketing and Information Technology, and she holds a Master's degree in Marketing. In her career she has held numerous positions that mix Marketing and IT together, and for the past 7 years she has been in Information Security, specifically focusing on securing the human. In her role she helps team members to not fear cyber-attacks but to feel empowered knowing they have the right tools to fight against them. People are not the problem; they are the solution. Educated, empowered people are your company’s best defense. Kathryn is an expert in analyzing, designing, developing, and implementing adult learning curriculum in a variety of multimedia formats that encourage employee growth and retention.

Jenny Hedderman

Risk Counsel

Comptroller of the Commonwealth of Massachusetts

Jenny W. Hedderman, Esq., is Risk Counsel from the Office of the Comptroller in Massachusetts. Attorney Hedderman specializes in compliance, internal controls and risk management in the areas of statewide accounting, payroll, financial reporting, and statewide financial audits for the 154 state agencies. Her current focus is developing the Comptroller’s Statewide Risk Management program, including cybersecurity, internal controls and cybersecurity awareness to reduce fraud and cyber incidents. Recent projects include the CTR Cyber Center website (macomptroller.org/ctr-cyber/) providing cybersecurity content, Cybersecurity Tips of the Week, CTR Cyber 5 (5-minute videos) and other internal controls to improve financial responsibility and protection of data, assets, and resources across the Commonwealth. Attorney Hedderman is Chair of the State Records Conservation Board and Secretary of the Essex Co-Operative Farming Association Board, as well as Adjunct Professor in Business Law at Endicott College.

Sunette Runhaar

Insider Threat Awareness Program Lead

Uber

Sunette is an information security awareness specialist and is currently the Insider Threat Awareness Program Lead at Uber. Under her leadership, the program plays a key role in Uber’s security resilience strategy, helping employees to recognise and prevent potential insider threats through a robust education and awareness program.

Before Sunette joined Uber, she spent several years at Tesla as the Information Security Education and Awareness Lead, where she built the company’s first global data security awareness program from the ground up. Sunette holds a Master of Science degree in Biochemistry from the University of Stellenbosch in her home country of South Africa.

Dustin Sachs, MBA, CISSP

Sr. Manager, Governance Risk and Compliance

World Fuel Services

As a dynamic Information Security and Risk Management Leader, Dustin brings over 17 years of experience in managing cybersecurity projects and conducting incident response investigations. Throughout his career, he has honed expertise in cybersecurity frameworks, threat detection, and risk management practices.

He is currently pursuing his Doctoral degree at Colorado Technical University, where his research focuses on cyber risk decision-making. His deep understanding of cybersecurity frameworks and compliance standards empowers him to apply principles of governance and compliance effectively to information security initiatives.

Rinki Sethi

CISO

Bill.com

Rinki Sethi is the current vice president and chief information security officer at BILL, where she leads global information technology functions. She is also responsible for leading efforts to protect BILL’s information and technology assets and advise the company’s continued innovations in the security space.

Sethi brings decades of security and technology leadership expertise, including her recent roles as VP and CISO at Twitter and Rubrik, Inc. She has been at the forefront of developing cutting-edge online security infrastructure at several Fortune 500 companies such as IBM, Palo Alto Networks, Intuit, eBay, walmart.com, and PG&E. Sethi also serves on the board of ForgeRock, a global digital identity leader, and Data-In-Use Encryption leader Vaultree. She advises many other startups and VCs.

Nicole Thibault

Principal Security Awareness

Nicole Thibault began a career in Security Awareness in 2013. Starting from the ground up (in so many ways) she built the foundation of a Security Awareness program at a large health care corporation. Now, ten years later in the tech industry, Nicole helps shift the mindset of employees and contractors to know security isn't something to be feared, and employees should turn to security for issues and concerns. Building a culture of personnel who report phishing emails and odd computer behavior is the starting point to employee empowerment.

Martijn Verbree

Lead Partner, Cyber Security

KPMG Australia

Martijn specializes in cyber security, digital technology, and risk management. He has more than 20 years' experience leading large-scale cyber and technology risk transformations across the globe in financial services, large dotcoms, and critical national infrastructure. He's experienced in cyber risk strategy, implementation, and incident response for boards and the C-suite.

While on a career break from KPMG, Martijn set up and ran the European business for an Australian tech startup in London. During this time, Martijn gained hands-on experience in agile working, fast-paced digital transformation, and DevOps.

In January 2022, Martijn joined KPMG Australia. Previously, he was a partner in KPMG's London office, where he led the cyber security business for their largest corporate clients.

Learn Why Organizations Choose Living Security

Living Security offers its Fortune 500 clients unforgettable, behavior-changing security awareness training, but we don't stop there. With Unify, our clients see their riskiest users, create action plans that target specific training and tools to those who actually need it, then measure the impact of their efforts to change human behavior and improve the organization's security profile. 
