Security Awareness Programs & Computer-Based Training , Training & Security Leadership , Video

Moving From Cybersecurity Awareness to a Security Culture

KnowBe4's Javvad Malik on a User-Centric Approach to Designing Security
Javvad Malik, lead security awareness advocate, KnowBe4

Establishing a robust security culture extends beyond tech-based solutions, underscoring the importance of clear and consistent messaging, said Javvad Malik, lead security awareness advocate at KnowBe4. Employees should hear a relevant message to embrace good security practices and principles of cyber hygiene, he said.

See Also: How to Strengthen Your Organisation's Last Line of Defense: Your Human Firewall

Often, security professionals overlook the human element in data breaches. Users need to not only use technologies including multifactor authentication but also understand how bad actors use social engineering to steal credentials.

"We start at awareness, and then we go to behavior, and then we go to culture," Malik said. "A good culture is where people are taking good risk decisions. They're conscious of the decisions, and the behaviors that they exhibit are within the tolerance levels of their organization."

In this interview with Information Security Media Group at Black Hat Europe 2023, Malik also discussed:

  • How to measure the effectiveness of a security program;
  • The importance of taking user behaviors into consideration when designing security programs;
  • Overcoming the challenges of building and maintaining a security culture.

Malik has held leadership roles in information security, risk management and IT advisory. He is the co-founder of Security BSides London and advocates for security awareness. His expertise spans technology research, community outreach and strategic advisory services.


About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.