Sign up to save your podcasts
Or
Share Human Risk Intelligence: Is Behavioural Data the New Defence?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Human Risk Intelligence: Is Behavioural Data the New Defence?
How do we measure and manage the human element of cyber risk beyond technology and basic security training?
In this episode, we covered the following topics:
Resources Mentioned
Connect with your host James Rees
Welcome to Razorwire, where we uncover what really matters in cybersecurity. I’m James Rees and in this episode, talking about the world of human risk intelligence with Flavius Plesu, Founder and CEO of OutThink. We'll question whether staff really are the 'weakest link' and instead explore how understanding real human behaviour can turn your workforce into a formidable security asset.
For too long, information security has focused almost exclusively on technical controls, but sophisticated attacks today often exploit human decision-making more than any firewall. Flavius draws on his experience as a CISO and innovator, sharing first-hand insights into how organisations can predict, quantify and actively manage risk stemming from their staff. We discuss psychological profiling techniques that identify high-risk individuals, methods for engaging employees in security and balancing monitoring with trust when using behavioural analytics. If you want to future-proof your security posture, this episode is essential listening.
3 Key Talking Points:
- Why traditional security awareness strategies fall short - and what truly effective human risk management looks like: Learn why measuring click rates and running generic training programmes leaves you blind to real human risk, and discover how behavioural science and crowdsourced intelligence can finally give you the visibility and control you need.
- Real world examples of predicting and preventing insider threats - before damage is done: See exactly how banks and enterprises use psychographic segmentation and statistical models to identify risky patterns in their workforce, and understand the practical steps to transform your incident response from reactive to predictive.
- Navigating the ethical line: how to balance security monitoring with employee privacy and trust: Master the delicate balance between effective security monitoring and employee rights, learning how transparency-driven design and GDPR-compliant approaches can turn potential resistance into active security partnership across your organisation.
Ready to rethink the human side of cyber risk? Tune in to this Razorwire episode and sharpen your defences from the inside out.
On Moving Beyond Traditional Training:
"Something like 90% of users admitted to bypassing security controls… with full knowledge that they're introducing additional risk to the organisation. So the idea that training would be enough, just train them, they'll get it. It's a bit naive."
Flavius Plesu
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- The Evolution of Human Risk in Cybersecurity Learn how the industry's shift from purely technical controls to recognising human factors is reshaping security strategy and why this change is essential for modern organisations.
- Defining Human Risk Intelligence Understand what human risk intelligence actually means and discover how organisations can quantify and predict human behaviour to strengthen their cybersecurity posture.
- The Shortcomings of Traditional User Training Discover why legacy approaches like annual training and click-through tests fail to address real world human risk and what you should be doing instead.
- Accidental vs. Malicious Insider Threats Explore the full spectrum of risky behaviours your organisation faces, from unintentional mistakes to deliberate attempts to circumvent controls, and how to address each type.
- Behavioural Segmentation and Psychographics Learn how psychographic profiling and behavioural analysis can help you identify risk tendencies in your workforce and tailor security interventions accordingly.
- Crowdsourced Security Intelligence See how to leverage collective workforce insight to detect risks that traditional security teams miss, turning your employees into valuable intelligence sources.
- Storytelling in Incident Response Understand why analysing chains of behaviour, rather than isolated events, is crucial for predicting and preventing future security incidents.
- Predictive Modelling for Proactive Security Discover how combining multiple risk indicators enables you to anticipate and prevent security breaches before they occur, moving from reactive to proactive security.
- Balancing Security Monitoring with Privacy Navigate the ethical and practical challenges of user monitoring, particularly around GDPR compliance and maintaining employee trust.
- Cultivating a Security-Conscious Culture Learn strategies for engaging users constructively, transforming them from compliance-focused participants to active partners in your organisation's security efforts.
Resources Mentioned
- OutThink
- Gartner
- UCL (University College London)
- PhishMe
- SANS
- Bitdefender
- AVG
- IBM Watson
- LimeWire
- PCI DSS
- Microsoft Graph API
- The Cyber Sentinels Handbook
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email [email protected].
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
Website: www.razorthorn.com
All rights reserved. © Razorthorn Security LTD 2025
View all episodes
By Razorthorn SecurityHow do we measure and manage the human element of cyber risk beyond technology and basic security training?
In this episode, we covered the following topics:
Resources Mentioned
Connect with your host James Rees
Welcome to Razorwire, where we uncover what really matters in cybersecurity. I’m James Rees and in this episode, talking about the world of human risk intelligence with Flavius Plesu, Founder and CEO of OutThink. We'll question whether staff really are the 'weakest link' and instead explore how understanding real human behaviour can turn your workforce into a formidable security asset.
For too long, information security has focused almost exclusively on technical controls, but sophisticated attacks today often exploit human decision-making more than any firewall. Flavius draws on his experience as a CISO and innovator, sharing first-hand insights into how organisations can predict, quantify and actively manage risk stemming from their staff. We discuss psychological profiling techniques that identify high-risk individuals, methods for engaging employees in security and balancing monitoring with trust when using behavioural analytics. If you want to future-proof your security posture, this episode is essential listening.
3 Key Talking Points:
- Why traditional security awareness strategies fall short - and what truly effective human risk management looks like: Learn why measuring click rates and running generic training programmes leaves you blind to real human risk, and discover how behavioural science and crowdsourced intelligence can finally give you the visibility and control you need.
- Real world examples of predicting and preventing insider threats - before damage is done: See exactly how banks and enterprises use psychographic segmentation and statistical models to identify risky patterns in their workforce, and understand the practical steps to transform your incident response from reactive to predictive.
- Navigating the ethical line: how to balance security monitoring with employee privacy and trust: Master the delicate balance between effective security monitoring and employee rights, learning how transparency-driven design and GDPR-compliant approaches can turn potential resistance into active security partnership across your organisation.
Ready to rethink the human side of cyber risk? Tune in to this Razorwire episode and sharpen your defences from the inside out.
On Moving Beyond Traditional Training:
"Something like 90% of users admitted to bypassing security controls… with full knowledge that they're introducing additional risk to the organisation. So the idea that training would be enough, just train them, they'll get it. It's a bit naive."
Flavius Plesu
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- The Evolution of Human Risk in Cybersecurity Learn how the industry's shift from purely technical controls to recognising human factors is reshaping security strategy and why this change is essential for modern organisations.
- Defining Human Risk Intelligence Understand what human risk intelligence actually means and discover how organisations can quantify and predict human behaviour to strengthen their cybersecurity posture.
- The Shortcomings of Traditional User Training Discover why legacy approaches like annual training and click-through tests fail to address real world human risk and what you should be doing instead.
- Accidental vs. Malicious Insider Threats Explore the full spectrum of risky behaviours your organisation faces, from unintentional mistakes to deliberate attempts to circumvent controls, and how to address each type.
- Behavioural Segmentation and Psychographics Learn how psychographic profiling and behavioural analysis can help you identify risk tendencies in your workforce and tailor security interventions accordingly.
- Crowdsourced Security Intelligence See how to leverage collective workforce insight to detect risks that traditional security teams miss, turning your employees into valuable intelligence sources.
- Storytelling in Incident Response Understand why analysing chains of behaviour, rather than isolated events, is crucial for predicting and preventing future security incidents.
- Predictive Modelling for Proactive Security Discover how combining multiple risk indicators enables you to anticipate and prevent security breaches before they occur, moving from reactive to proactive security.
- Balancing Security Monitoring with Privacy Navigate the ethical and practical challenges of user monitoring, particularly around GDPR compliance and maintaining employee trust.
- Cultivating a Security-Conscious Culture Learn strategies for engaging users constructively, transforming them from compliance-focused participants to active partners in your organisation's security efforts.
Resources Mentioned
- OutThink
- Gartner
- UCL (University College London)
- PhishMe
- SANS
- Bitdefender
- AVG
- IBM Watson
- LimeWire
- PCI DSS
- Microsoft Graph API
- The Cyber Sentinels Handbook
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email [email protected].
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
Website: www.razorthorn.com
All rights reserved. © Razorthorn Security LTD 2025