Why is the security industry so full of fail? We spend millions of dollars on firewalls, IPS, IDS, DLP, professional penetration tests and assessments, and vulnerability and compliance tools, and at the end of the day, the weakest link is the user and his or her inability to make the right choices. It's enough to make a security engineer cry.
The one thing you can depend upon in an enterprise is that many of your users, even with training, will still make the wrong choices. They will violate BYOD restrictions, click on links they shouldn't, respond to phishing scams, open documents without thinking, post too much information on Twitter and Facebook, use their pet's name as passwords, etc. But what if this isn't because users hate us or are too stupid? What if all our ignored policies and procedures regarding the best security practices have more to do with our failure to understand modern neuroscience and the human mind's resistance to change?
Humans are wired to be emotional beings. Emotions influence most of our decisions, good and bad. In failing to understand how this is at the root of user non-compliance, no matter how much money we spend on expensive hardware and software, we will fail to achieve the goal of good organizational security.
A New Model: Advancing Organizational Security Through Peacebuilding, by Michele Chubirka
Why is the security industry so full of fail? We spend millions of dollars on firewalls, IPS, IDS, DLP, professional penetration tests and assessments, vulnerability and compliance tools, but at the end of the day, the weakest link is the user and his or her inability to make the right choices. It's enough to make a security professional cry.
The one thing you can depend upon in an enterprise is that many of your users, even with training, will still make the wrong choices. They will violate BYOD restrictions, click on links they shouldn't, respond to phishing scams, open documents without thinking, post too much information on Twitter and Facebook, use their pet's name as passwords, etc. But what if this isn't because users hate us or are too stupid?
What if all our ignored policies and procedures regarding the best security practices have more to do with our failure to understand modern neuroscience and the human mind's resistance to change?
Humans are wired to be emotional beings. These emotions influence most of our decisions, both good and bad. In failing to understand how this is at the root of user non-compliance, no matter how much money we spend on expensive hardware and software, we will fail to achieve the goal of good organizational security. With a goal of understanding human behavior, the session will combine concepts from applied neuroscience with physical and interactive exercises based upon the principles of mindfulness and martial arts.
A New Model: Advancing Organizational Security Through Peacebuilding
1. A New Model: Advancing Organizational
Security Through Peacebuilding
2. Who Are We?
Michele Chubirka, aka "Mrs. Y.," is a recovering UNIX
engineer working in security. She is also the host of the
Healthy Paranoia podcast, the information security feed
of Packetpushers, and official nerd hunter. She likes
long walks in hubsites, traveling to security
conferences, and spending time in the Bat Cave.
Sincerely believes that every problem can be solved
with a "for" loop.
Joe Weston is a workshop facilitator, consultant, and
author of the book Mastering Respectful Confrontation.
He is also the founder of the Heartwalker Peace
Project, which creates opportunities for connection,
discussion, and creative collaboration.
5. A Language of Violence
The taxonomy of information security is borrowed from
the language of war.
How does this impact the way we interact with our user
community?
How does this affect the practitioners?
7. "The human brain hasn't had a hardware upgrade in about
100,000 years."
Daniel Goleman, Author of Emotional Intelligence
8. Users Aren’t Stupid
We spend millions of dollars on security products and
at the end of the day, the weakest link is the user.
Even with training, users make the wrong choices.
What if the problem isn’t about the user at all, but us?
9. Something isn’t working
We’re swimming in data, but we still can’t make
predictions about intrusions.
How can we realistically change user behavior?
12. Neuroscience 101
Limbic System: The interior of the cortex, includes the hippocampus and
amygdala. Supports emotion and long-term memory.
Prefrontal Cortex: Region responsible for planning, decision making and
moderating behavior.
Think of the limbic system to the prefrontal cortex as a horse is to a rider.
13. Demonstration: A Brain In the
Palm of Your Hand
Hold up your hand and make a fist.
This is a good representation of the brain and
spinal column.
The brain stem, limbic system and neocortex.
* These two slides are oversimplifications of a very complex
system.
14. The Threat Response: Step 1
Cortex receives input (externally or internally) from the
thalamus, a component of the limbic system.
15. The Threat Response: Step 2
Limbic system and prefrontal cortex (the executive or
evaluator of the brain) take in data simultaneously.
16. The Threat Response: Step 3
Amygdala, responsible for emotional response and
memory, acts as an alarm activating the fight/flight
hormonal response if threat is perceived.
17. The Threat Response: Step 4
Then the sympathetic nervous system sets up organs and
muscles for fight/flight response, inhibiting digestion and
the hypothalamus prompts the release of stress
hormones.
18. Emotional Contagion
The limbic system is an “open loop,” influenced by
other people’s emotions, aka mirror neurons.
Mirror neurons activate when an animal performs an
action or when an animal observes the same action of
another animal.
They are thought to be the basis of empathy.
Also called emotional contagion.
19. Negativity
The brain has a negativity bias because the limbic
system is quicker than the prefrontal cortex at
perceiving and analyzing potential threats.
Traumatic experiences are “stickier” than positive,
happy experiences, i.e. harder to un-map.
20. No Escape From Threat
Most of us are in a permanent state of cortisol overload
due to the constant stressors of modern life and the
fact that stress hormones stay in the body for hours.
This decreases intellectual capacity, memory capacity
and lowers impulse control.
Stress makes you stupid.
21. Amygdala Hijack
Key indicator: intense and immediate emotional reaction,
followed by the understanding that it was inappropriate.
I thought that stick on the ground was a snake!
I don’t like you or I’m bored, so I won’t cooperate or listen to
what you have to say.
That guy who cut me off in traffic was trying to kill me!
Why were you so insulting to me in that email yesterday?
(studies show there’s a negativity bias in email.)
Other examples?
22. Thin Slicing: Warren Harding
Syndrome
Human beings make quick decisions based on intuition.
Think “love at first sight” or a “gut reaction.”
This is sometimes called “Thin Slicing.”
One example is “Warren Harding Syndrome.” Americans
voted for him, a mediocre presidential candidate,
because he was tall, good looking and charming.
24. Thin Slicing: Bedside Manner
The likelihood of a doctor being sued has little to do
with the number of errors made.
In an analysis of malpractice lawsuits, there was no
correlation between the number of mistakes by doctors
and how many lawsuits were filed against them.
25. Malpractice?
In studies, psychologists were able to predict which
doctors would be sued more by analyzing the amount
of time spent with patients and if the tone of their voices
sounded “concerned.”
Patients file lawsuits because of how they are treated.
26. The Power of Mirror Neurons
Marie Dasborough observed two groups:
One group was given negative feedback accompanied
by positive emotional signs, nods and smiles.
Another was provided positive feedback that was
delivered using negative emotional cues, frowns and
narrowed eyes.
27. Entrainment
Those who received the positive feedback
accompanied by negative emotional signs reported that
they felt worse than participants who received negative
feedback given with positive emotional cues.
The delivery was more important than the message.
Your emotions and actions will be mirrored by those
around you.
This is similar to a phenomenon known in physics as
entrainment.
28. Is Efficiency Overrated?
Study conducted by Gillian M. Sandstrom and
Elizabeth W. Dunn of the University of British Columbia.
Participants who “smiled, made eye contact, and talked
with the cashier” at a coffee shop reported higher
satisfaction and moods than those who avoided
interaction.
Small, unimportant interactions with others can create a
feeling of connection according to researchers.
29. There’s No Mr. Spock
Neurologist, Dr. Antonio Damasio, had a patient who
had been a successful corporate lawyer.
A tumor was discovered in his prefrontal lobes and the
surgeon who removed it inadvertently severed the
circuit between this area and his amygdala.
30. Somatic Marker
There was no obvious damage to his cognitive abilities,
but his life fell apart.
It was discovered that he couldn’t make decisions
when presented with the simplest choices.
He no longer had any feelings regarding these options,
no preferences.
This is the basis for Damasio’s Somatic Marker
Hypothesis, in which it is proposed that emotions assist
with complex decision-making.
31. It is a gross
misconception that
reason can be
completely separated
from emotion.
32. You’re the Threat
The WAY we present information is just as important as
WHAT we present.
In the first few minutes we interact with someone, we’re
being assessed for our potential to provide reward or
punishment.
Could I have some carrot with that stick?
33. It’s Tribal
As humans, we’re constantly trying to maximize
pleasure or minimize pain.
That black, unwashed t-shirt and body art may feel like
a personal statement, but it can impact and even
alienate those we’re trying to convince.
Are you a member of their tribe?
34. Social Connections Matter
Anthropologist Robin Dunbar found that a species’
brain size—size of its neocortex, the outermost layer—
is linked to the size of its social group.
We have big brains in order to socialize.
35. We’re Wired To Be Social
In the brain’s non-active moments, when not involved in
a specific task, it reverts to a configuration called the
“default network.”
According to researcher Matthew Lieberman, this
appears to resemble another configuration, the social
thinking brain, which is empathetic.
“The default network directs us to think about other
people’s minds—their thoughts, feelings, and goals.”
37. Training That Works
The Dynamic Feedback Loop
In the 1960s, Stanford University psychologist Albert
Bandura determined that giving individuals a clear goal
and a method of evaluating progress increased the
likelihood that they would achieve it.
38. Feedback Loops
Where are they used?
Personal training, leadership coaching, digital speeding
signs.
In Garden Grove, California, the use of digital
speeding signs reduced speeds by an average of 10%.
This was more effective than police ticketing.
39. Let’s Have Some Fun
Draw the letter “e” in the air in front of
you.
*This is a decade-old method social scientists use to measure
perspective-taking – the ability to put yourself in someone else’s
shoes.
40. Communication That Works
• Interaction based on the core competencies of
Emotional Intelligence, such as self-awareness, self-regulation, empathy, and motivation.
• Social engineers already use some of these skills to
create emotional and social affinity with a target. It’s
called pseudo-empathy.
• Conflict resolution methods such as those based on
Non Violent Communication (NVC) and Restorative
Practices.
41. Self Awareness Exercise
It’s called “labeling”
Think of it like putting yourself in debug mode.
Process emotions or sensations you experience in real
time.
Let’s try it.
Say to yourself, “Right now, I’m experiencing….”
47. Respect
If you want respect, you have to give it.
How do we disrespect our users?
Sophos study said only 4% of IT staff trust their users.
What percentage of users trust US?
48. “How To Break a Terrorist”
Two tragedies to Abu Ghraib.
The human cruelty
The obvious failure of humiliation and violence in
gathering intelligence.
Interrogator, Matthew Alexander, discovered that building
rapport with prisoners was the most efficient way to get
information and stop terrorism in Iraq.
49. “The quickest way to get most (but not all) captives talking
is to be nice to them.”
Mark Bowden, author of Black Hawk Down
50. Motivation
Study sponsored by the Federal Reserve Bank found
three main factors motivate people in their work.
Autonomy
Mastery
Purpose
If we want security “wins” we have to include everyone as
partners in a cooperative process.
51. Neuroplasticity: You Can
Change Your Brain
It is no longer believed that the brain becomes static
after childhood.
The brain is always changing. This is caused by
physiological, environmental and behavioral factors.
A study found increased cortical gyrification with more
years of mindfulness practice.
Higher gyrification usually correlates to intelligence.
60. “Water is fluid, soft, and yielding. But water will wear away
rock, which is rigid and cannot yield. As a rule, whatever
is fluid, soft, and yielding will overcome whatever is rigid
and hard. This is another paradox: what is soft is strong.”
Lao Tzu
67. 5 Steps of Clear
Communication
1. Contact with yourself
2. Contact with other
3. Desire/Impulse
4. Act of communication
5. Received message
68. Key Takeaways
Bad trumps good in the human brain.
You can’t turn your emotions off or leave them at home. It’s
like wearing a bad toupee. You aren’t fooling anyone.
If the limbic system is an open loop, we’re all responsible for
the quality of the emotional landscape.
Stress makes you stupid, by shutting down blood flow to the
critical pre-frontal lobes. If you set off a stress response in
someone, you minimize the chance of having a rational
dialogue with them.
Confrontation isn’t always negative. Resistance to change
can be a valuable source of feedback.
69. Cyber Peace
Peaceful doesn’t mean passive.
Peace isn’t the absence of war or conflict.
Violence isn’t always physical. There are subtle ways to
commit harm against another.
Let’s stop blaming the victims and work in partnership
with our users to empower each other in our mutual goal
of enterprise security.
70. “If you use government to show them the Way and punishment to keep them
true, the people will grow evasive and lose all remorse. But if you use integrity
to show them the Way and Ritual to keep them true, they’ll cultivate remorse
and always see deeply into things.”
From “The Analects” of Confucius, 5th century B.C.E.
71. Where Can You Find Us?
Michele Chubirka, spending quality time in kernel mode.
http://www.healthyparanoia.net
Twitter @MrsYisWhy
Google+ MrsYisWhy
networksecurityprincess@gmail.com
Joe Weston, writing and teaching workshops.
http://www.respectfulconfrontation.com/
72. Attention Tutorial Attendees!
Please don’t forget to fill out your Tutorial Surveys.
Your feedback is very important to us and helps us shape
the future
of the LISA training program.
Please visit www.usenix.org/lisa13/training/survey and fill
out the appropriate surveys.
Thanks for your help!
73. References
Chubirka, Michele. "Is Cyber Security a Form of Violence." Web log post. Packetpushers. Packetpushers, 31 Jan. 2012. Web.
Esfahani Smith, Emily. "Social Connection Makes a Better Brain." The Atlantic 29 Oct. 2013: n. pag. Print.
Goleman, Daniel, and Richard Boyatzis. "Social Intelligence and the Biology of Leadership." Harvard Business Review Sept. 2008: 74-81.
Print.
Goleman, Daniel. Working with Emotional Intelligence. New York: Bantam, 1998. Print.
Hanson, Rick, and Richard Mendius. Buddha's Brain: The Practical Neuroscience of Happiness, Love & Wisdom. Oakland, CA: New
Harbinger Publications, 2009. Print.
Kryder, Suzanne. The Mind to Lead. N.p.: NeuroLeap, 2011. Print.
Luders, Eileen, Florian Kurth, Emeran A. Mayer, Arthur W. Toga, Katherine L. Narr, and Christian Gaser. "The Unique Brain Anatomy of
Meditation Practitioners: Alterations in Cortical Gyrification." Frontiers in Human Neuroscience 6.34 (2012): 1-9. Print.
O'Connell, Andrew. "HBR Blog Network / The Daily Stat." Harvard Business Review. Harvard Business Review, 30 Oct. 2013. Web. 02 Nov.
2013.
Pink, Daniel H. Drive: The Surprising Truth about What Motivates Us. New York, NY: Riverhead, 2009. Print.
Pink, Daniel. "Why Bosses Need to Show Their Soft Side." The Telegraph 17 July 2011: n. pag. Print.
Rosenberg, Marshall B. Nonviolent Communication: A Language of Life. Encinitas, CA: PuddleDancer, 2003. Print.
Siegel, Daniel J. The Mindful Brain: Reflection and Attunement in the Cultivation of Well-being. New York: W.W. Norton, 2007. Print.
Weston, Joe. Mastering Respectful Confrontation: A Guide to Personal Freedom and Empowered, Collaborative Engagement. Emeryville,
CA: Heartwalker, 2011. Print.
Zehr, Howard. The Little Book of Restorative Justice. Intercourse, PA: Good, 2002. Print.
Editor's Notes
I’d like you to rewrite this in your language.
What’s on the side of an LA police car? Protect and serve.