Our focus at Pythia Cyber is behavioral cybersecurity. We bring the best in behavioral science and organizational behavior practice to the realm of cybersecurity. As part of the mission, we have developed three assessments of cybersecurity talent -- front-line, manager, leader -- for the purpose of assessing talents related to effective cybersecurity performance. Talent assessment is entirely a 'normal course of business' in the behavioral science and organizational behavior realms. Using a pre-hire assessment process means that you will find that some people have talent, maybe a lot of it, to be effective in these roles. There will also be people who score low on these assessments. Cybersecurity is a technologist domain. Talent assessment is a behavioral science domain. These are different domains, and that creates a need to create dialog and bridges between the two domains to capitalize on the synergy to be gained through their overlap.  First let's ask why we wish to cre...

This is the fourth of four related articles. The others are here: one  |  two  |  three  | four. Pythia Cyber was formed to seek a very particular Holy Grail: improving cybersecurity by combining behavioral science with information technology. It was clear to us that human behavior plays a huge role in cybersecurity failures and therefore deserves a large percentage of the time, energy and focus that the technology gets. Changing individual habits is hard. Changing organizational culture is exponentially harder. One effective way to change culture is through hiring. The problem is that hiring can be effective in either degrading or upgrading your culture, which is why hiring is so fraught. The problem isn't just hiring though: new people need to be integrated into your team and then kept engaged. Internally, we call these three phases Find, Manage and Retain but we bow to convention and call them externally "Talent Acquisition & Upskilling" (TAU for short). ...

This is the third of four related articles. The others are here: one  |  two  |  t hree |  four . Pythia Cyber was formed to seek a very particular Holy Grail: improving cybersecurity by combining behavioral science with information technology. It was clear to us that human behavior plays a huge role in cybersecurity failures and therefore deserves a large percentage of the time, energy and focus that the technology gets. Changing individual habits is hard. Changing organizational culture is exponentially harder. One effective way to change culture is through hiring. The problem is that hiring can be effective in either degrading or upgrading your culture, which is why hiring is so fraught. The problem isn't just hiring though: new people need to be integrated into your team and then kept engaged. Internally, we call these three phases Find, Manage and Retain but we bow to convention and call them externally "Talent Acquisition & Upskilling" (TAU for sh...

This is the second of four related articles. The others are here: one  | two |  three |   four . Pythia Cyber was formed to seek a very particular Holy Grail: improving cybersecurity by combining behavioral science with information technology. It was clear to us that human behavior plays a huge role in cybersecurity failures and therefore deserves a large percentage of the time, energy and focus that the technology gets. Changing individual habits is hard. Changing organizational culture is exponentially harder. One effective way to change culture is through hiring. The problem is that hiring can be effective in either degrading or upgrading your culture, which is why hiring is so fraught. The problem isn't just hiring though: new people need to be integrated into your team and then kept engaged. Internally, we call these three phases Find, Manage and Retain but we bow to convention and call them externally "Talent Acquisition & Upskilling" (TAU for short). In o...

This is the first of four related articles. The others   The others are here: one |  two  | three  | four . Pythia Cyber was formed to seek a very particular Holy Grail: improving cybersecurity by combining behavioral science with information technology. It was clear to us that human behavior plays a huge role in cybersecurity failures and therefore deserves a large percentage of the time, energy and focus that the technology gets. Alas, aside from scolding users about clicking on links in emails (which is sadly an important function these days) we see precious little attention being paid to human behavior in the typical corporate cybersecurity program. We know this because we have looked: we have trained an AI to analyze public statements about cybersecurity to see what management claims to focus on. We can see why it is tempting to assume that by "human behavior" we mean "those naive users who don't understand the threat environment." I too prefer to assume th...

Many people in developed countries, particularly in the US, feel they have a right (of sorts) to being happy. Or at the very least they feel they should be happy. Even when someone tells you that you have a right "to the pursuit of happiness" it feels like it's all upside. Over at The Growth Equation, Steve and Brad are there to tell you differently. Brad, author of the best-seller The Way of Excellence , and Steve's new blog post is "Struggle, joy, and the meaning of life." They particularly focused on Olympic Gold medalist Alysa Liu. Their next post was about Olympic Gold medalist Connor Hellebuyck. Both are must-reads. Their analysis of Liu, which is entirely consistent with their other wiring, centers on the 'the totality of the journey.' Here is how they put it: Alysa Liu worked hard, struggled, and sacrificed. She endured monster training sessions. She put in thousands of hours. She fell on ice more times than you could imagine. Anyone who tell...