
Author Interview: The Human Side of Cyber with Sarah Aalborg
Exploring Cognitive Biases in Security Culture
Here at Security Blend Books, we recently had the pleasure of sitting down with Sarah Aalborg, the brilliant mind behind Secure By Choice. For those unfamiliar, Sarah’s book delves into the crucial area of cognitive biases and their profound impact on security culture and risk assessment within organizations.
As I discovered during our conversation, Sarah’s journey into this field was sparked by frustration with the gap between knowing what to do in security and actually implementing secure behaviours within organizations. Despite the implementation of technical solutions and comprehensive documentation, she observed a disconnect - leading her to explore the human aspects of cybersecurity.
This journey took her through change management and into the realm of cognitive biases and the subconscious brain, ultimately culminating in Secure By Choice - a book she felt compelled to write because nothing quite like it existed.
Key Takeaways from Our Interview
1. Understanding Our Own Biases
A fundamental challenge in security is that we are often unaware of how our subconscious biases influence our daily work. Sarah explained how reading Secure By Choice can provide that “aha moment,” helping individuals understand why certain beliefs and behaviors persist in security culture.
2. Practical Strategies for Security Awareness
We also discussed actionable ways to mitigate risks associated with these biases, and even leverage them to support security initiatives. For example:
- Combating Optimism Bias: Recognizing our tendency to favor the most positive outcome and proactively countering it.
- Leveraging Social Influence: Using the tendency to follow the majority to encourage security-positive behaviors.
- The Reciprocity Effect: Small gestures of appreciation can foster a stronger security culture.
3. Overcoming Organizational Roadblocks
Sarah highlighted major obstacles organizations face when addressing cognitive biases, including:
- The knowledge-to-action gap: Simply knowing about security risks doesn’t translate to secure actions. Annual e-learning programs alone are ineffective.
- IT Security as Everyone’s Responsibility: Shifting the mindset that cybersecurity is solely the IT department’s concern and promoting broader organizational buy-in.