Compromising Positions - A Cyber Security Podcast – Details, episodes & analysis

Did you know the best way to bring down hackers is to punch them in the face? That if you don’t have a seven screen set up you’re a rogue amateur? Or that the best hackers have fins?

This Episode we are joined by Simon Painter a senior software engineer with nearly 20 years of experience in the industry and author of the book Functional Programming with C#.

In this episode, Hack The Movies! The Best And Worst Hacker Movies Part 2! Our regular programming has been hijacked to bring you a discussion on the best, and worst, hacker movies! In this episode we cover The Beekeeper (2024), Swordfish (2001), Jonny Mnemonic (1995), Paper Man (1971) and The Italian Job (1969).

So boot up that modem, turn off the lights and enter the deepest darkest web of hacker forums, and try not overload your memory bank, as we explore this sometimes brilliant and sometimes bonkers sub-genre!

Show Notes

A Developer Goes to The Movies! Simon’s fantastic history on how technology features in films

Paper Man (1971)

About SIMON PAINTER

With nearly 20 years of software engineering experience across various industries, Simon is a Senior Software Engineer at Talos360. Simon is also a Microsoft Most Valuable Professional (MVP) since 2023, an O'Reilly technical book author, and a public speaker at IT events worldwide.

His core competencies include C#, JavaScript, React.js, and Microsoft Azure, as well as ITIL and computer security.

LINKS FOR SIMON PaINTER

Simon’s Website

Simon’s Linkedin

Simon’s Book, Functional Programming with C#

We all know running a cybersecurity function is expensive and many of us have a hard time successfully negotiating the budgets we need to keep our organisation safe.

But what if we let you in on the secrets of successfully securing your cybersecurity budget?

This week we are joined by Scott Robertson, CFO of CreateFuture and he gives us the insights on what you should ask for when it comes to your next yearly budget, how to ask for it and crucially (because timing is everything when it comes to money!) when to ask for it!

Key Takeaways:

What Does a CFO do? A CFO is not just about managing financials but also safeguarding assets and ensuring future stability through effective risk management.

Time Your Requests Strategically: Discover the optimal timing to approach your CFO for budget increases and how to align your requests with the organisation's financial planning.

Quantify the Cost of Risk: Learn how to effectively communicate the potential financial impact of cyberattacks and the value of preventive measures.

Build Strong Relationships: Cultivate relationships with key stakeholders, including the CFO and other executives, to foster trust and support.

Prioritise and Justify: Identify critical security needs, prioritise investments, and present a compelling business case to secure the necessary budget.

This episode we are joined by the awesome Steve Trapps. Steve is the co-owner of Scrum Facilitators, an experienced Scrum Master, and a Professional Scrum Trainer with 20 years plus of experience in delivering complex products in many different business sectors.

This week we answer that age old question, Can Cybersecurity Teams Actually Do Scrum? To answer that, we do a deep dive into when you should and shouldn’t use scrum in your cybersecurity teams and of course, we will learn exactly what a scrum master does! 

Together we will explore how scrum can be used to foster better conversations, create transparency and help you achieve your goal; what it takes to be an A1 facilitator, like Steve, as well as how not to get caught up in the dogma of ‘the scrum guide’!

Key Takeaways:

What is Scrum? How do I become a Scrum Master? More than just overseeing daily stand ups and organising Jira tickets we unveil the multifaceted responsibilities of a Scrum Master, including coaching, mentoring, and facilitating effective teamwork.

Scrum for the Unknown, Not the Mundane: Scrum shines in situations with complexity and uncertainty, perfect for tackling emerging threats! But for routine tasks (BAU), consider alternative approaches.

Ditch the "Scrum Guide Says" Mindset: Focus on the purpose of Scrum - fostering conversations, transparency, and clear outcomes. Don't get bogged down in dogma!

How To Spot a Bad Meeting? Well you’re sweet for asking but…

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.

Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.

It really helps us spread the word and get high-quality guests, on future episodes. 

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’ 

Keywords: cybersecurity, agile, scrum, scrum master, coaching, facilitation, kanban

Show Notes

Visual Thinking: The Hidden Gifts of People Who Think in Pictures, Patterns and Abstractions by Temple Grandin

Radical Candor: How to Get What You Want by Saying What You Mean by Kim Scott

Creativity, Inc.: an inspiring look at how creativity can - and should - be harnessed for business success by the founder of Pixar by Ed Catmull

About Steve Trapps

Steve Trapps is the co-owner of Scrum Facilitators, an experienced Scrum Master, and a Professional Scrum Trainer with 20 years plus of experience in delivering complex products in many different business sectors. He started his career as a software developer, working for Nestle before working for Sky, building applications & websites for many of the English Premier League football teams. Previously being a developer, Steve has worked in various teams (Scrum and none Scrum) so he comes packed with real-life stories, from Start-Ups building the next social media network up to large corporations handling thousands of transactions a second. If you want to learn from someone who has been there, then Steve can share experiences to help you on your way. Steve focuses on helping individuals & teams reach their full potential through professional development coaching and professional training.

LINKS FOR Steve Trapps

Steve’s LinkedIn

Scrum Facilitators

This episode we are joined by the brilliant Stefan Gaillard, the co-founder and current chair of the Journal of Trial & Error, a journal dedicated to highlighting the importance of trial and error in scientific practice and scholarship.

Trial and error is part of the scientific method but most of us are risk averse because we are so afraid of failure or we take great lengths to cover up anyone finding out that we have failed. There is so much shame around admitting to failure, especially in cybersecurity when, lets face it, most of us will experience the failure of our security controls eventually. But to hide from failure, not only from ourselves but also our peers, means missing out on important learning opportunities. We need to change this! If we don’t think about failure more, we are doomed to keep failing.

This episode we explore the importance of removing the stigma from failure, the benefits AND the dangers of tech’s ‘fail-fast’ mentality, what it’s like to live in the information overload age and finally, the importance of trial and error. 

Key Takeaways:

Removing the Stigma of Failure:  Learn why it’s crucial to view failure as a stepping stone rather than a setback. Stefan discusses how changing our perception of failure can lead to more innovative solutions.

Blame the System, Not the Individual: Discover the importance of considering human factors in cybersecurity incidents. Stefan explains why blaming individuals is often counterproductive and how systemic changes can prevent future errors.

The Information Overload Age: We’ve left the "Information Age" behind and entered the era of "Information Overload." With so much data and misinformation circulating, how do we stay focused and make informed decisions? Stefan shares his thoughts on how to navigate this landscape while avoiding cognitive overload.

Fail Fast, Innovate Faster: What are the pros and cons of a "fail-fast" mentality in tech? Stefan takes us through the benefits of quick iteration and the dangers of overpromising, using examples from AI winters and the current AI hype cycle. Understanding when to abandon a product or pivot can be the difference between success and stagnation.

Changing your mind is part of progress. Don’t fear shifting narratives when presented with new facts.

Keywords: cybersecurity, trial and error, testing, failure, experimentation

Show Notes

The Journal of Trial and Error

The British Library’s Cybersecurity Incident Review

Countering the Cognitive, Linguistic, and Psychological Underpinnings Behind Susceptibility to Fake News: A Review of Current Literature With Special Focus on the Role of Age and Digital Literacy

Overpromising in science and technology: An evaluative conceptualization

Ten simple rules for failing successfully in academia

About Stefan Gaillard

Stefan Gaillard is the co-founder and current chair of the Journal of Trial & Error, a journal dedicated to highlighting the importance of trial and error in scientific practice and scholarship. For this work he was selected for the Forbes 30 Under 30 list of 2024. Besides chairing the journal, Gaillard is currently pursuing a PhD in ‘Philosophy and Science Studies’. His research focuses on overpromising – what is it, how can we recognize it and when does science fail to correct it? In addition, he is project coordinator at The New Utrecht School, an interdisciplinary platform for urgent discussions on the interaction between the health domain, the arts, and the sciences and humanities. The New Utrecht School and the Journal of Trial and Error are currently hosting a series of lunch lectures and publishing a special issue on ‘Scientific failure and uncertainty in the health domain’.

LINKS FOR Stefan Gaillard

Stefan’s LinkedIn

Stefan’s X Account

This episode we are joined by the wonderful Jamie Sherman, a cultural anthropologist and principal UX researcher at ESRI.

We explore how words like ‘security and privacy’ are slippery and that can lead to a lot of confusion and misunderstanding.

How to ask better questions to really understand how to protect the people and our customers in an organisation and how to create the perfect ‘sniff test’ in our organisations so people feel more able to trust their intuition rather than relying on crap passwords.

And Finally we unpack the importance of hiring more anthropologists in cybersecurity because not everybody does it like us.

Key Takeaways:

Anthropology in Cybersecurity: A Game-Changer
Anthropology isn’t just the study of ancient cultures—it’s about understanding how people make meaning in their lives today. Anthropologists, through methods like ethnography and participant observation, can uncover the human side of cybersecurity, ensuring that security measures align with real-world behaviours, not just technical protocols.

What does ‘Security’ actually mean? Words are Slippery We don’t always have a shared meaning for terms like “security” and “privacy.” Misunderstandings can lead us down the wrong path, creating a sense of betrayal. It’s essential to ask, “What is security to you?” and make security visible without overwhelming users with cognitive load.

Sniff the milk, is it off? Traditional security measures, like passwords and phishing awareness, often overload users with cognitive demands. But what if we focused on building intuition instead? We can help users develop a gut sense of when something feels wrong—an essential skill in a world where data is constantly on the move and always at risk by triggering the same responses when we sniff off milk!

Asking the Right Questions: Better questions lead to better security controls and a deeper understanding of user needs.

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.

Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.

It really helps us spread the word and get high-quality guests, on future episodes. 

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’ 

Show Notes

Pumping Iron - Give it a watch!

Over Half of Cybersecurity Professionals Engage in Risky Behaviours at Work - KnowBe4

Purity and Danger: An Analysis of Concepts of Pollution and Taboo - Mary Douglas

About Jamie Sherman

Jamie Sherman is a cultural anthropologist and principal UX researcher at ESRI. She holds a PhD in anthropology (Princeton, 2011) and has been in the technology and UX space since joining Intel Labs in 2012, where she worked on a range of existing and emerging technologies, including wearable tech, virtual reality, and content creation. Her most recent focus is on the use of data and analytics to do things, from making movies to making maps.

LINKS FOR Jamie Sherman

Jamie’s LinkedIn

Keywords: cybersecurity, anthropology, user behaviour, privacy, UX

This Episode we’re heading back into the vaults to bring you the unabridged version of our fantastic and extremely popular interview with Bec McKeown, a chartered psychologist with extensive experience in carrying out applied research for organisations including the UK Ministry of Defence and the founder and director of Mind Science, an independent organisation that works with cybersecurity professionals.

Ever wanted to know the psychology behind cybersecurity? Bec takes us an a fascinating journey into the mind as we get acquainted with a smorgasbord of psychological concepts to help you understand your cybersecurity posture - especially during a dreaded cybersecurity incident!

Key Takeaways:

The curse of knowledge: Understanding what it's like to not understand cybersecurity from a technical perspective can be an advantage in helping you communicate better. By putting yourself in the shoes of the listener, you can convey complex ideas in a way that is easy to understand and relatable

Microlearning: Nobody wants to sit in training for three hours! Microlearning helps by breaking up information into bite-sized chunks that are easy to digest. It's also important to account for different learning styles and provide information in various formats.

Amygdala hijacking: Cybercriminals leverage amygdala hijacking, which occurs when the amygdala activates the fight-or-flight response when there is no serious threat to a person's safety. It's essential to recognize the contextual cue that led you to act that way and develop strategies to deal with it before it happens.

Awareness does not equal change in behaviour: One size doesn't fit all, and quantitative is usually valued over qualitative, which needs to change.

Focus on Impact Skills, Not Just Technical Knowledge: Decision-making, communication, and collaboration are the foundational skills needed to navigate complex cyber threats.

Show Notes

Immersive Labs

Bec’s Article in Immersive Labs on Workforce Resiliency

Christian Hunt’s episode - Compromising Positions

Article on Theory X and Theory Y - Mind Tools

Influence by Robert Cialdini

Actionable Gamification - Yu-Kai Chou

Kirkpatrick Model - Mind Tools

Copywrite movies. Privacy is a Crime Video

The software Lianne used on her tabletop exercise to get anonymous responses: Mentimeter and Slido

About Bec McKeown

Bec McKeown CPsychol is the Founder and Director of Mind Science, an independent organisation that works with cyber security professionals. She helps businesses to advance the human aspect of system resilience, so a collaborative culture of innovative thinking and an agile threat response becomes the norm.

As a Chartered Psychologist with extensive experience of carrying out applied research for organisations including the UK Ministry of Defence, Bec has gained a unique perspective on the ways humans react in times of crisis. She works at both operational and strategic levels, with a focus on situational awareness, decision-making and problem-solving in complex environments.

LINKS FOR Bec McKeown

Bec’s LinkedIn

Mind Science LTD

We’re still on a summer break but in the meantime we are delighted to share with you an episode from friend of the show, Cyber Empathy which Lianne appeared on earlier this year. In this episode Lianne discussed how she hates the term ‘weakest link’ when talking about our colleagues, how the language that we use in cybersecurity can be incredibly harmful to our cybersecurity posture, and how she applies her skills as an anthropologist to her organisation.

Key Takeaways:

Why Anthropology and Cybersecurity Make for Good Bedfellows - Cybercriminals are most successful when they aim for the human element. Knowing what it means to be human continues to be very important for facing emerging cybersecurity threats!

When Was the Last Time You Gave a Gift? Lianne discusses how the giving of ‘gifts’ in your organisation might just lead people to bond with your message through the principle of reciprocity.

Trust Issues? In cybersecurity our whole schtick is trust issues, but does it have to be that way? If we trusted people a little more, could they help us in the fight against cybersecurity criminals?

Tell Me a Story - Storytelling is the crux of human existence and one of our main drivers of our evolution - and yet in cybersecurity, despite having exciting stories to tell, we instead drone on about MFA! Lets make cybersecurity interesting again through storytelling!

Show Notes

Full show notes can be found at the source on Cyber Empathy

About Andra Zaharia

Andra is a cybersecurity communication manager focused on organic growth and fighting infosec marketing cliches to make content that people actually enjoy. She is also the creator of the award-winning podcast Cyber Empathy where she shares stories of kindness, curiosity and connections that show how humans shape online security and privacy.

LINKS FOR Andra Zaharia

Andra’s Website

Andra’s Podcast

Andra’s LinkedIn

Thank you kindly to Cyber Empathy for giving us permission to share this episode!

Keywords:

cybersecurity, storytelling, trust, anthropology, empathy, reciprocity

We’re still on a summer break but in the meantime we are delighted to share with you an episode from friend of the show, The Modern.Net Show in which Jeff and Lianne we’re interviewed on. In this discussion we talked about how you protect your ass-ets, your SDLC, and how to overall improve cybersecurity practices within your organisation.

Jamie is a great interviewer and we are sure you’ll enjoy his show. And if you do, don’t forget to look him up and subscribe to his channel. We’ve put details of where to find him in the show notes. Enjoy!

Thank you kindly to The Modern.Net Show for giving us permission to share this episode!

Key Takeaways:

Herd Mentality - Cybercriminals are always going for the easiest target so even a bit of extra security can make you look unappetising and unappealing to a hacker.

Being Secure is Never the Primary User Goal - Security should be invisible but that can only be achieved if you think in a humancentric way or utilise the principles of user experience, behavioural science and psychology.

Your Cybersecurity Team is Likely to be Overwhelmed - So give them a hand. If you want the to loosen up a security control, do you research! Explain why you need a certain library, for example, and explain how you intend to manage the risks. Don’t expect the cybersecurity team to have the time to do all the research for you!

Product Security Might be the Answer to Good Security - Why a holistic approach is the best approach to securing the products you are building.

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.

Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.

It really helps us spread the word and get high-quality guests, on future episodes. 

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’ 

Show Notes

Full show notes can be found at the source on The Modern.Net Show

About Jamie Taylor

Jamie is a Microsoft MVP and seasoned technologist specializing in .NET, Python, Go, and bespoke software delivery. With over a decade of experience, Jamie brings a unique blend of technical expertise and strategic thinking to the table.

In 2023, he was honoured with the award for Most Visionary Software Development Managing Director, a recognition that underscores his commitment to innovation and leadership in the industry. His journey is marked by a dedication to translating complex technological landscapes into tangible business benefits. As the host of The Modern .NET Show, an award-winning podcast, he showcases his deep technical knowledge and communicates complex concepts in an accessible manner.

LINKS FOR Jamie Taylor

Jamie’s Website

Jamie’s Podcast

Jamie’s LinkedIn

Keywords: cybersecurity, SSDLC, AppSec, dev, product security, storytelling

Welcome to Compromising Positions!

The award-winning tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats! 

This Episode we’re heading back into the vaults to bring you the unabridged version of our fantastic and extremely popular interview with Christian Hunt, the founder of Human Risk. He's a Behavioural Science expert and author of the award-winning book 'Humanizing Rules'.

Key Takeaways:

The Importance of Designing Things for how People Actually Behave (as opposed to how we would like them to behave!)

Are Phishing Simulations Still Fit for Purpose? The ethics of phishing simulations and how to measure the success of cybersecurity awareness training

F*ck Your Rules! We go into how people really feel about rules they don’t respect and how you can stop them from rebelling against your cybersecurity controls!

Stop Treating Everyone Like A Master Criminal! Why a one-size-fits-all approach to suspicion will be causing more harm than good for your cybersecurity posture

I’m Only H.U.M.A.N(S) - Christian shares his H.U.M.A.N.S framework to use in your organisation today!

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.

Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.

It really helps us spread the word and get high-quality guests, on future episodes. 

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’ 

Keywords: cybersecurity, phishing, behavioural science, rules, compliance, h.u.m.a.n.s framework

Show Notes

Christian’s Book (highly recommended) - Humanizing Rules

About Christian Hunt

Christian is the founder of Human Risk, a Behavioural Science (BeSci) led Consulting and Training Firm specialising in Ethics & Compliance and the author of a book, ‘Humanizing Rules’. He was formerly Managing Director, Head of Behavioural Science at UBS. Christian joined the Firm in Compliance & Operational Risk Control, leading the function globally for UBS Asset Management. Before joining UBS, he was COO of the UK Prudential Regulation Authority, a subsidiary of the Bank of England responsible for regulating financial services.

LINKS FOR Christian Hunt

Christian’s Website

Christian’s Podcast

Christian’s LinkedIn

This Episode we are joined by Simon Painter a senior software engineer with nearly 20 years of experience in the industry and author of the book Functional Programming with C#.

In this episode, Hack The Planet! The Best And Worst Hacker Movies Reviewed! Our regular programming has been hijacked to bring you a discussion on the best, and worst, hacker movies! In this episode we cover greats like Hackers, Sneakers, Jurassic Park and War Games, and not so great movies like The Net!

So boot up that modem, turn off the lights and enter the deepest darkest web of hacker forums, and try not to accidentally trigger thermonuclear war, as we explore this sometimes brilliant and sometimes bonkers sub-genre!

Disclaimer! This podcast is for educational purposes only and is distributed without profit. This Episode may contain copyrighted material whose use has not been specifically authorised by the copyright owner. We believe our use of such material constitutes fair use for the purpose of review, commentary, and critique

We Talked About A Lot Of Films In This Episode - Here’s The List:

Hacker Movies

Hackers (1995)

Sneakers (1992)

The Net (1995)

The Net 2.0 (2006)

Jurassic Park (1993)

Jumping Jack Flash (1986)

Brazil (1985)

The Italian Job (1969)

War Games (1983)

Electric Dreams (1984)

Swordfish (2001)

Mr Robot (TV(2015))

Non-Hacker Movies

Amélie (2001)

Blade Runner (1982)

Blade Runner 2049 (2017)

Arrival (2016)

Dune Part 1 (2021)

The Zone of Interest (2023)

The Duke of Burgundy (2014)

Flux Gourmet (2022)

In Fabric (2018)

Short Circuit (1986)

Flight of the Navigator (1986)

Metropolis (1927)

Cliffhanger (1993)

Tough Guys Don't Dance (1987)

Cast Away (2000)

The Fugitive (1993)

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.

Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.

It really helps us spread the word and get high-quality guests, on future episodes. 

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’ 

Keywords: cybersecurity, movies, series end, hackers, war games, sneakers, film

SHOW NOTES

Simon’s Book, Functional Programming with C#

Read Simon’s Film Reviews on his website

The beautiful Leeds Cinema, The Hyde Park Picture House

ABOUT SIMON PAINTER

With nearly 20 years of software engineering experience across various industries, Simon is a Senior Software Developer at Müller UK & Ireland, one of the leading dairy companies in Europe. Simon is also a Microsoft Most Valuable Professional (MVP) since 2023, an O'Reilly technical book author, and a public speaker at IT events worldwide.

His core competencies include C#, JavaScript, React.js, and Microsoft Azure, as well as ITIL and computer security.

LINKS FOR SIMON PAINTER

Simon’s Website

Simon’s Linkedin