Podcasts
8th Layer Insights
Ep 21
8th Layer Insights 8.9.22
Ep 21 | 8.9.22

Cyber Mindfulness

Show Notes
Transcript

Perry Carpenter: Hi. I'm Perry Carpenter, and you're listening to "8th Layer Insights."

Perry Carpenter: Mindfulness - that's a word you've probably been hearing a lot these days. We live in a world that feels more fast-paced and stressful than ever before. On top of that, a global pandemic, political and social strife and economic uncertainties have only made things worse. Let's face it - we're all a bit anxious and stressed out. In the context we usually hear about it, mindfulness is about mental wellness. We are encouraged to slow down and focus on the present moment - to be more aware of our thoughts and emotions, which can then lead to better self-regulation and self-care and to reduce stress and improve our overall well-being. All of that makes sense from a self-care and well-being perspective. In fact, when someone says the term mindfulness, the pictures that immediately come into your mind might be TikTok influencers in yoga poses. And that's not a completely inaccurate description, but it's not fully accurate, either. So what is it? What is mindfulness, and what is the connection between mindfulness and cybersecurity? To help us explore those questions, I've invited four guests. You'll hear from Anna Collard, Yvonne and Jasmine Eskenzi and Michael Davis. Let's dive in. 

Anna Collard: Distraction, multitasking, being cognitively overloaded is sort of a side effect of our modern life. 

Yvonne Eskenzi: We're living in this instant society - this kind of, you know, now, now, now society - where the pressure is on us constantly. 

Jasmine Eskenzi: And when we look at cybersecurity, it is such a fast-paced industry, and people are having alert fatigue on a daily basis. 

Michael Davis: Finding one's own voice in the context of life in general is probably the best part about mindfulness. It's that we slow down enough to hear our own voice. 

Anna Collard: It's really talking about reflecting and observing things and not just reacting to impulses - reacting to emotions. 

Yvonne Eskenzi: We need people to be able to think clearly. 

Michael Davis: We have to listen with our third ear. 

Perry Carpenter: On today's show, we explore the concept of mindfulness - what it is, how it relates to cybersecurity, and how you can begin to use mindfulness to reduce human risk in your organization. Welcome to "8th Layer Insights." This podcast is a multidisciplinary exploration into the complexities of human nature and how those complexities impact everything from why we think the things that we think to why we do the things that we do, and how we can all make better decisions every day. This is "8th Layer Insights," Season 3, Episode 1. I'm Perry Carpenter. 

Perry Carpenter: And welcome to Season 3 of "8th Layer Insights." I hope you enjoyed the bonus episodes we released between seasons, but now it's time to get back to work. Back to the full swing of things - nose to the grindstone. Wait (sniffing) - incense? That smell seems to be coming from Carl's office. Let me go check on him. Carl? 

(SOUNDBITE OF FOOTSTEPS) 

Perry Carpenter: Carl? 

(SOUNDBITE OF KNOCKING) 

Perry Carpenter: Carl, what's going on? 

(SOUNDBITE OF TEXT TONE) 

Perry Carpenter: Carl - again with the texts. 

Perry Carpenter: He says, (reading) sorry, am I late for recording? I was just finishing my yoga practice. 

Perry Carpenter: Yeah, you're late. I already got started and just realized that - oh. 

Perry Carpenter: (Reading) Sorry for being late. It took me way longer than I expected to get these yoga pants on. 

Perry Carpenter: What? 

Perry Carpenter: (Reading) Seriously, I think they were, like, two sizes too small. You should see. 

Perry Carpenter: No, no, that's OK. You finish up and get changed, and I'll see you in a few. Carl again. 

Perry Carpenter: (Reading) Just one word - ouch. Chafing. OMG, I have never had this kind of chafing before. 

Perry Carpenter: That doesn't sound good. 

Perry Carpenter: (Reading) Do you think urgent care is still open? 

Perry Carpenter: This guy. Probably so. Go take care of yourself. I'll cover the recording stuff for today. 

Perry Carpenter: Well, we hope that Carl is OK for the rest of today and that he doesn't have any permanent damage from trying on yoga pants that are too small. But let's get back to it. Where were we? Oh. Oh, yeah - mindfulness. In the intro to this show, I always say that this podcast explores why we think the things that we think and do the things that we do. But let's take that phrase and put it on its side. Let's explore how we think the things that we think and perhaps discover alternate ways of doing the things that we do. That's where the concept of mindfulness comes in. Now, I've been hearing people talk about the connection between mindfulness and cybersecurity for a few years now, but I have not done a ton of personal research into it. So for today's show, I wanted to contact a few guides to help us out. Let me introduce you to one of them. 

Anna Collard: Hi. My name is Anna Collard, and I'm an evangelist for KnowBe4 in Africa. 

Perry Carpenter: I know you're quite passionate about mindfulness. So for you, when somebody uses the word mindfulness, what does that bring to mind? 

Anna Collard: Mindfulness - if we just look at it as a word semantically, it really just means reflecting or thinking about our thoughts. Unfortunately, a lot of people have religious connotations with it. Obviously, it's been also used a lot recently in the holistic health world, which is - it's a good thing. But, technically, it really just means to reflect or observe what's going on in the moment. 

Perry Carpenter: OK. So before we go much further, I want to introduce another guest so that we can start to have a discussion about how mindfulness can influence our interactions with technology and security. 

Michael Davis: My name is Mike Davis, and I run a cybersecurity company based in mindfulness. And the concept of mindfulness for this company - and my personal journey through mindfulness - is really just finding our digital why. It's mostly built around pausing, reflecting, but also just thinking about how we show up in tech. There's a certain balance in how we think and how we creatively attach to technology through mindfulness. So when we can pause enough to slow down, I think that's the best way to really kind of dig into what the benefits of mindfulness are. But more importantly, how do we better represent ourselves online, particularly when the online community is so full of the unknown? So mindfulness, relative to the concept, within cybersecurity, is on the back of safeties - on the back of reducing cyber carelessness, having better access to digital agency, and just being less distracted relative to tech. 

Perry Carpenter: So mindfulness carries with it the idea of being in the present moment. That sounds suspiciously like the concept of awareness that we commonly talk about. And it also reminds me of a short mental game that I included back in Episode 2 of Season 1. For those of you new to the show, here it is. 

(SOUNDBITE OF ARCHIVED BROADCAST) 

Perry Carpenter: We'll be talking a lot about mental processes today. And so before we go too much further, let's do a couple mental stretching exercises just to get ourselves ready. Try this with me. Try to say the word white five times, as fast as you can. All right? Go now. 

(SOUNDBITE OF TIMER TICKING AND BELL RINGING) 

Perry Carpenter: OK. Nice try, but I think you can do it faster and maybe even louder. Wherever you are, say white five times now. 

(SOUNDBITE OF TIMER TICKING AND BELL RINGING) 

Perry Carpenter: Great. Now answer this question - what do cows drink? 

(SOUNDBITE OF TIMER TICKING AND BELL RINGING) 

Perry Carpenter: You answered milk, didn't you? That's OK. Most people do. But even right now, you're realizing that was wrong because, of course, cows don't drink milk. They produce milk. Cows drink water. 

(SOUNDBITE OF COW MOOING) 

Perry Carpenter: And you may have even realized it as you were thinking it or as you were saying it - simultaneously thinking, this can't be right. But you felt the mental tug in that direction, and you couldn't resist it. There are some very good reasons why that is so. The first reason is because I set a frame. And what framing does is it sets context around a mental process or a way that somebody views the world. And so the framing here started with white. 

(SOUNDBITE OF BELL) 

Perry Carpenter: I was wanting you to think in the categories of white. And then the other main thing at play here was the idea of rushing you. 

(SOUNDBITE OF BELL) 

Perry Carpenter: Rushing you into it was to engage a very fast style of thinking, where you're likely to take shortcuts. You're very unlikely to think methodically or logically about something. Now you're in fast thinking mode, and your frame is white. So your natural tendency is to go into an associative mode of thinking where you look for an association to map to that answer. So you're thinking of white, and you're thinking of types of drinks - and then also, within frame and within the association, was the idea of a cow. 

(SOUNDBITE OF BELL) 

Perry Carpenter: And milk is the common association because of the context of white and the context of cow. So all of this framing and the pressure of the speed all come together to basically force your mind to pick milk. Got milk? 

(SOUNDBITE OF COW MOOING) 

Perry Carpenter: So mindfulness - being in the present moment - would help us not get stuck in these kinds of frames. Mindfulness is a mindset and a set of practices aimed at helping us slow down. And that's important. 

Perry Carpenter: When you think about mindfulness, you've been looking at it in relation to cybersecurity. So what's the connection there for you? 

Michael Davis: Simply put, the connection between mindfulness and cybersecurity is it's a meta experience - not Meta, the Facebook company, but meta in terms of meta-analysis. It's the meta of getting out of your own way and getting out of the real perspective in the moment and stepping outside of yourself to observe yourself. And I think that's - the real connection between mindfulness and cybersecurity is that we get a chance to really reflect from outside and to reduce carelessness and be less distracted and to better define our digital why. 

Anna Collard: So when we apply mindfulness as a stress-reducing technology or technique, and we then look at cybersecurity and the link between people being stressed, people being distracted, people being not in the moment and being more prone to human error or, for example, clicking on things that they shouldn't be clicking on, then mindfulness comes in as a - as like a - as a control, really, to help people to not just react to social engineering attacks that may invoke an emotion, for example, or to not just mindlessly click on things when we are distracted. 

Anna Collard: And I need to actually tell you a little story about that. What happened to me a couple of months ago is that - and I've been in cybersecurity for 20 years. I really should know better. But a couple of months ago, I was sitting in an Uber car because I had to pick up my own car from the service. And I was speaking to the driver, and it was after hours, and the area was a bit dodgy, so he dropped me off at the workshop. And I was looking around to see if there were any, you know, characters - looking around while speaking to the driver, while packing my bag and checking my email at the same time. In that moment, I did get an Uber-branded phishing email - well, phishing simulation email. And I don't know what happened. It was a very obvious email that I would never click on. It's verify your... 

Perry Carpenter: Right. 

Anna Collard: ...Account details. But in that moment, I clicked on it. And then I had to take training that I developed myself. And what was really interesting is that our IT department sent out - the security team - they sent out a survey. They said, what were you doing when this happened? Where were you? And I said, this is really interesting data 'cause I'd like to see what happens to other people within our own company, where we evangelized security... 

Perry Carpenter: Right. 

Anna Collard: ...Awareness - where we are being trained ruthlessly all the time, yet we still have people that fall for it, including myself. And what is interesting in the data is that 53% of our internal people fail phishing tests when they are distracted and multitasking. And that's exactly what happened to me as well. And the fact that the context was really perfect... 

Perry Carpenter: Right. 

Anna Collard: ...I think that's just a lucky coincidence for the security guys (laughter). 

Perry Carpenter: That's a key thing, though, is because in a lot of those phishing attacks, like Uber, there's a couple things that make those work. One is just familiarity with the brand. But then, of course, the distraction piece that you had is - I might absently do it. But then the other is that, at some point, there are going to be people that are in the right context. You're sitting in an Uber, and then so things just click in a different way. 

Anna Collard: Yeah. And then I looked into it a bit deeper, and I found other publicly released survey data. In fact, there was a survey done by Tessian - I think it was in 2020 - that said that 47% of the cases where people fall for phishing emails, distraction is the reason. And then 41% - again, distraction is the reason when they send out emails to people that they shouldn't send it. So it really - distraction, multitasking, being cognitively overloaded is a side effect of our modern life. And it also - and this comes where - now to link to the mindfulness point - it's when we are not mindful. So mindfulness - really talking about reflecting and being more in your sort of cognitive - the frontal lobe of your brain or of your being and observing things, and not just reacting to impulses, reacting to emotions. 

Anna Collard: From a social engineering point of view, that's exactly what they're trying to get us to do - is to hijack our critical thinking by invoking emotion such as a low-grade form of fear, urgency - all the techniques that are being used there. And if we are able to remind ourselves more often to actually take a breather, get back into the moment, not just react, but observe more - and I know it's difficult, particularly if a million things are going on at the same time, but that's really where mindfulness practice - and when I say practice, it's easy to be super mindful when you meditate or you're in a yoga class. But the practice of it means that you should take that approach into your daily life. 

Michael Davis: There's a certain balance in how we think and how we creatively attach to technology through mindfulness. So when we can pause enough to slow down, I think that's the best way to really kind of dig into what the benefits of mindfulness are. But more importantly, how do we better represent ourselves online, particularly when the online community is so full of the unknown? So mindfulness, relative to the concept within cybersecurity, is on the back of safety. It's on the back of reducing cyber carelessness, having better access to digital agency and just being less distracted relative to tech. 

Anna Collard: Before I have a meeting, before I open my emails, before I respond to people, can I take a deep breath, observe what's going on within me? What types of emotions am I feeling? Hey, I'm feeling a little bit anxious. That's a warning sign, right? Hey, that person might come across as angry. This is triggering. Don't just react. Breathe, and then observe what's going on. And, yes, that's a technique that you would find in anger management class, but it should also be a technique that we should teach people in an anti-social-engineering class or a security class. 

Michael Davis: Nonspecific cybersecurity stories that tap into mindfulness are based in really finding one's own voice. And I think finding one's own voice in the context of life in general is probably the best part about mindfulness. It's that we slow down enough to hear our own voice - the voice that represents my authentic self. That's what mindfulness has given me in general. Regardless of tech, it has given me that level of confidence to slow down and ask the question - who am I right now? 

Anna Collard: And in fact, there's been some research that was done in 2017 by a group - Michael Dinger from the University of South Carolina, Jason Bennett Thatcher - and they've done a review - or they published a report called "Training to Mitigate Phishing Attacks Using Mindfulness Techniques," where they showed that training using a mindfulness approach rather than a more sort of traditional rule-based training approach showed improved resistance to phishing attacks. 

Michael Davis: Slowing down enough allows us to have a really different perspective, particularly when we're tired. I think we all know what it feels like when we're tired and we're making decisions, or you're taking a long drive and you need to sleep, but you're - you push through it anyway. And somehow, in that drive, you end up at exit 42 and you don't know how you got there. 

Perry Carpenter: Welcome back. As I was talking to Anna and Michael, something kept standing out to me. Now, maybe this is because they're both cybersecurity professionals, but I suspect not. And the reason is is that I also spent quite a bit of time looking at materials and watching videos about mindfulness from people who have nothing to do with cybersecurity. What's the thing that stood out? It's actually pretty simple. It's that mindfulness, as a core concept, isn't this foreign metaphysical concept. 

Perry Carpenter: Sure, like a lot of things, the concept can be used and applied in many contexts, but that core concept is very, very similar to the very intentional focusing-on-the-present-moment mindset that we hope employees adopt to suss out phishing attacks and to, well, be mindful of the threats all around them. If you're familiar with Daniel Kahneman's System 1 and System 2 thinking model, there's definitely a linkage between mindfulness and finding ways to intentionally enter System 2. I've talked about Systems 1 and 2 on other episodes, so we don't need to do a deep dive here. But I do think you might appreciate hearing - or listening again - to this quick example that I gave all the way back in Season 1, Episode 2 of the show. 

(SOUNDBITE OF ARCHIVED BROADCAST) 

Perry Carpenter: We'll start with the work of behavioral economist Daniel Kahneman. In Kahneman's work, "Thinking Fast and Slow," he describes two types of thinking - System 1 and System 2. System 1 is very fast. It's emotion-driven. It takes shortcuts. And it's great, but taking shortcuts means that our minds are constantly making assumptions, and that can lead to errors. So System 1 is fast, but it's error-prone. And System 1 is driven by heightened emotion or just relaxing into a decision and doing what feels right at the time - what comes in the moment. 

Perry Carpenter: System 2 is much slower. It's more methodical. It takes effort, and we don't often like the mental process of putting in the effort, but it leads to better, more reliable results. Now, the problem with all of this is that System 1 accounts for about 95% of our thinking and actions, and System 2 accounts for only 5% of our thinking. Think about that - about 95% of our thoughts and actions are governed by emotion and taking shortcuts and can have the tendency to be error-prone. That's not a good ratio. Here's an example that just about everybody can relate to. 

Perry Carpenter: So imagine yourself sitting at your desk - maybe you're drinking your morning coffee and scribbling down a few notes to remember later that day, and you set your pen down for a minute to focus on something else. And then, out of the corner of your eye, you notice your pen rolling towards the edge of the desk, about to plummet to the floor. And at that point, without any conscious thought or effort, your hand shoots out with ninja-like reflexes to snatch the pen from the precipice - I mean, these reflexes you didn't even know you had, but other people would certainly be impressed with if they saw. But there's just one problem with that. While in ninja-reflex mode, you accidently swept away your coffee cup, causing a huge mess. 

Unidentified Person #2: Oh, man. 

Perry Carpenter: Seriously - coffee everywhere, ruining the next five to 10 minutes of your life... 

Unidentified Person #2: (Screaming). 

Perry Carpenter: ...All because your mind never logically assessed the situation. It saw a stimulus, and it reacted by taking a shortcut. 

Perry Carpenter: So we know that intentionally moving into System 2 and finding ways to stay there at critical moments is hard. Our minds love being in shortcut mode and making fast in-the-moment decisions that can lead us astray. So how can we adopt mindfulness in practical ways? And what are some of the methods and tools that will help us do that? And what's the payoff? To help us explore those questions, let's bring in two more guests. 

Perry Carpenter: Meet Yvonne and Jasmine Eskenzi. I wanted to speak to them because they recently developed a mobile app all based around mindfulness and ways to boost mood and productivity. The app is called The Zensory. And this is not a product pitch for that app, but I wanted to talk to them to talk about the application of the science that they were researching and what the science tells us about how we can help our people become more focused and productive - and, as a result of all of that, less susceptible to human risk. 

Yvonne Eskenzi: I'm Yvonne Eskenzi, the founder of The Zensory. 

Jasmine Eskenzi: And I'm Jasmine Eskenzi, the co-founder of The Zensory. 

Perry Carpenter: I'm hearing - in that name, I'm hearing Zen and sensory, so I'm assuming that this has something to do with mindfulness. Tell me a little bit about - I guess, it's a mobile app. Is that correct? Can you give me, like, that elevator-pitch version of what The Zensory is? 

Jasmine Eskenzi: So we're using the latest neuroscience to tap into the power of your senses, your body and your mind to help you live and work at your best. The Zensory is the first-ever immersive sense-hacking platform designed to super boost your mood to increase focus, performance and recalibration. 

Perry Carpenter: So as we think about the purpose of an app like this, you talked about performance and things that go along with that. Can you unpack that a little bit? Talk about what you're really trying to achieve with the app and then anything around the science. You know, what makes this something that actually helps people achieve that? 

Yvonne Eskenzi: OK. So I think - Jasmine and I came to this whole Zensory idea - I'd been in cybersecurity for 26 years, Perry - I don't know if that's longer than you, but it's a very long time. And the idea - you know, I have seen so many people burning out. And my daughter - Jasmine, here - is a whole generation younger than me, obviously - and was finding exactly the same. Weren't you, Jasmine? 

Jasmine Eskenzi: Mmm hmm. Exactly. 

Yvonne Eskenzi: And I think we both came together and thought, what is going on out there? This is just no good. We've got to do something. We've got to bring our - and we both have totally different experiences. Mine was cybersecurity, and Jasmine was the health tech sector and had done quite a lot of work into longevity and life expectancy and stuff like that. And we, just from our own experiences, were seeing so many awful stories. And I - obviously, I also run Eskenzi PR, which is a cybersecurity PR agency. And for many of my clients, we were doing lots and lots of research into stress levels amongst the CISO and IT security sector. And, you know, we're finding figures like 80% of CISOs are under a huge amount of stress. You know, lots of - 10% of CISOs have actually left their last role just because they couldn't hack it. It was just too much. 

Yvonne Eskenzi: And so more and more and more, we were seeing this kind of, like, depletion of humans. And we are so - we're living in this instant society - this kind of, you know, now, now, now society, where the pressure's on us constantly. And certainly, in cybersecurity, you know, you - you've got to be alert, and you've got so many different things coming in and kind of hitting you all the time. And actually, you know, it's kind of this fatigue. It's this kind of, like, I can't cope anymore. And that's really where we came to the idea of The Zensory - that we needed to find somewhere, you know, your - almost your pocket retreat, where you could kind of get into and actually focus. And that's where it all comes down to. And actually, we got so many distractions when we were at home that this whole destructive environment was causing us big, big problems. 

Yvonne Eskenzi: And of course, when you are actually stressed, your amygdala - that's your flight and your fight part of your brain - is so swollen, and your prefrontal cortex - which is your thinking, focus part - is atrophied. And there was - an awful lot of research went into this, and we found that our job should be, with The Zensory, to try and get your focus brain, your frontal cortex, to be the big part - not this amygdala, this flight and fright. And that's what we're trying to achieve with The Zensory. And we decided we needed to hack into your senses and try and use your own innate tools of your body to try and help you to get into the right space. And Jasmine's kind of got together with a number of different composers and musicians to really use binaural beats. 

Jasmine Eskenzi: Yeah. So I think, from my side, with experience in the health tech space - working with the Parliamentary Group for Longevity, assessing how we can actually help people in the U.K. to live longer - lifestyle is a fundamental pillar of this. And as well, from speaking to so many people within the health tech space, it became clear that most doctors have such a small amount of time to see patients. And, again, it's become a prescriptive environment. We've become such a prescriptive society. And I think we're looking more - we want to be looking more from a preventative angle. How can we prevent people getting to the stage of burnout? How can we prevent people getting to the stage of anxiety that's crippling them on a daily basis? So our ethos is we want to put less into our bodies and learn how we can get more out of them. 

Jasmine Eskenzi: So then we started looking at sense hacking - this concept of sense hacking. So we spoke with professor Charles Spence from Oxford University, and he's actually said that sense hacking is one of the most powerful and underutilized ways to improve our social, cognitive and emotional well-being. And this is fascinating because I think, you know, we're in a society of quick fixes. We want to feel energized; we'll have a cup of coffee. We've got a headache; we'll take painkillers. But actually, the more we delved into the research, we were seeing that there are certain types of music that can reduce pain. From the work that we've been doing with some of the binaural beats, the calming music, the low frequencies, the naturescapes - this was actually helping people with chronic pain conditions that were actually coming to us, and we were interviewing people. So that was helping them with their chronic pain. So, you know, there's a lot around music therapy that's coming out. 

Jasmine Eskenzi: Again, when you look at breathing - breathing is a very powerful tool to activate the parasympathetic nervous system. So if you're looking to calm yourselves down, you know, starting to have a longer exhalation of breath already is going to calm you down and, as Yvonne mentioned, enable you to think more clearly and to activate the prefrontal cortex. So there are the most brilliant hacks that we can be using as human beings on a daily basis to optimize our performance. So as mentioned, I was - I started composing music with a friend of mine using binaural beat frequencies as the foundation for the music. And how this works is you create two different tones in either ear. So you can have 100 hertz in the left ear and 105 hertz in the right ear, creating a five-hertz resonance. The brain then will create that five hertz, which will then be in a certain frequency wave. So that will kind of work along those kind of lines. 

Jasmine Eskenzi: So you have, you know, theta waves for creativity, alpha waves for relaxation, beta waves for productivity and gamma waves for memory processing and rapid insight. And we've actually embedded that within the music, then written music in that same key on top of the binaural beats and added naturescapes, which then add an extra element of calming people down. And then, on top of that, we were looking at ways you can use movement, such as posture, as well. I was speaking to a neurobiologist as well about how posture in itself can trigger the way that you're feeling massively in terms of giving you a sense of shifting anxiety from the chest into the lower back. So you can actually kind of - again, just through way you sitting and spinal movements, can shift this - the way that you're feeling. And, again, smell - the sense of smell goes straight to the hippocampus, and it's a hugely powerful sense for triggering memory. 

Jasmine Eskenzi: So there's so much we can be doing to actually hack into the average, you know, working day just through using our senses, which are completely free, and each of us has a sense that will be particularly heightened for us. Mine is auditory. Yvonne's is very much visual. And, again, we all have certain senses. So there's this real exciting movement that's coming about how we can hack into our bodies. This is phenomenally exciting and... 

Perry Carpenter: Yeah. 

Jasmine Eskenzi: ...This is what we're striving to achieve with what we're doing. 

Yvonne Eskenzi: And I think the essence, Perry, is that you cannot focus - you can't work if you're highly strung and that you're (inaudible) all over the place and you're feeling stressed, you know? And I think that's why we decided to build a focus app to actually use all these different methods - as Jasmine said, music and breathing, movement, smell - all of those things that our brains kind of respond to to try and help you get you into the zone. 

Michael Davis: I think the incorporation of a mindfulness approach to cybersecurity is often controversial because everyone always assumes - at least the majority of my friends and colleagues - always assumes that we're going to go to the server room and get in the lotus position and, you know, and repeat some mantra for an hour. I think the one thing that I will take as soon as possible would just to - look at policies that are tapped into cybersecurity organizations and then find ways to incorporate mindfulness solutions in policy. And I know that's a long-winded way of saying, let's start with the foundation of the company - the foundation of how we show up to work. Because I think once you have a policy in place - and maybe you have an institution that works really aggressively and, you know, constantly go, go, go, go - to start to slow down can be very challenging and can be very - can be daunting for a lot of organizations. 

Michael Davis: So I think if you slowly start to incorporate mindfulness-based solutions into the policy - into the fabric of the organization, where it becomes a natural inclination to think a certain way, it's like a slower - it's like moving a carrier versus moving a towboat because, ultimately, the carrier takes a lot longer to turn, where you could probably institute a little quicker in many ways by just starting slow, but steady type of injections into their - into an organization's policies. I think another way is focused in - CEOs, CTOs and the C-suite folks need to come down and speak to their employee base in this realm and not - again, not the kind of lotus position in the server room, but the idea of having a - how do we show up to work? And sometimes, bosses and supervisors are so disconnected from that space. So mindfulness in that regard, particularly in cybersecurity - I think when you can show up differently - give employees a sense of how humans interact on a conscious level, I believe that might be the best - one of the better solutions to start ASAP. 

Perry Carpenter: I know you've been thinking about this for years now. So if you were given a project, and somebody said, we want you to implement a mindfulness approach to cybersecurity or cybersecurity training or the way that we implement tools or something else, and you've got the next year to 18 months to do that, what would be your first few steps? 

Anna Collard: Oh, the first step would be to - and it's actually funny because I'm busy with the production of a - like, a content course on that topic in particular. So it explains in nonspiritual, technical terms why there is a benefit to people in doing mindfulness approaches without even using the term mindfulness - that we literally... 

Perry Carpenter: Oh, OK. 

Anna Collard: ...Just keep it very clinical - and explaining the link to productivity and being safer online, literally... 

Perry Carpenter: Yeah. 

Anna Collard: ...So it would be keeping it in that realm. So I think what I would do - if I had to roll this out within an organization, I would work with my HR department in coming up in a communications campaign that combines the mental drive that a lot of organizations are currently driving anyway because of remote working and burnout syndrome and all the reasons that we know - all leftovers from the pandemic. So I would work with the HR department to come up with - and, obviously, finding out what's in place already. A lot of companies already have great, you know, offerings and perks in place, and see what is there already that we can reuse as part of the campaign, but then make it a proper cyber wellness - whatever it might be - campaign. And you - starting with awareness, a sort of - what I mean - awareness is like the education part of it, and then also providing the users with tools that will help them to incorporate those techniques into their daily lives and into their personal lives by equipping them with apps - with tools that allow them to - with us, I mean, obviously, we don't expect them to meditate for an hour every day. If they want to, that's great. Give them little techniques or tools or apps that allow them to do a five-minute one or, hey, here's a one-minute stress-reducing breathing exercise... 

Perry Carpenter: Right. 

Anna Collard: ...You can do. That's what I would do. And then also offer - where that's possible - but offer access to extra wellness, like free yoga classes and things like that. 

Perry Carpenter: OK, cool. And then if you are thinking about specific behaviors to target around wellness - or maybe there's a different way to ask the question. So I'm thinking behaviors, but what I'm trying to get at is, essentially, something that I can use as a barometer to know if this is working - something like a - am I seeing people be phished less? Am I seeing people use better passwords? Would there be some kind of metric that you could attach to it to know if you're being effective? 

Anna Collard: Yeah, that's interesting. I think it would have to be a combination, like with anything in security awareness - a combination of phish-prone percentage - that we can roll it out to different segments of the population and then have a comparative value. But then also use surveys and self-assessment tools. Do you feel better? Do you feel more in the moment? Ask actual questions about that - maybe workshop-type reviews. 

Perry Carpenter: Well, it looks like we're almost out of time today, so I'm going to give Jasmine Eskenzi the last word, and then I'll be back to wrap up with a few closing thoughts. 

Jasmine Eskenzi: And when we look at cybersecurity, as we've mentioned, it is such a fast-paced industry, and people are having alert fatigue on a daily basis. The threat landscape is expanding at an unprecedented rate, and we need people to be at their best. We need people to be able to think clearly, to be in control and to be calm so they can react from this place of a common mindset. 

Perry Carpenter: So at the end of the day, I think mindfulness really comes down to intention - helping ourselves and our employees intentionally focus on the task at hand to calmly and logically process situations and to make better decisions. That sounds really beneficial from a security perspective. I mean, after all, we've been trying to promote security awareness for a long time. And when you think about it, there are actually two sides of security awareness. One side is knowing what types of threats and situations to be on the lookout for, and organizations promote that kind of security awareness by providing information. But the other side of that coin is an aware mindset - an alertness - a way of processing all the information and situations around us and reacting in the best possible way for the best possible outcome and ultimately for the health and well-being of ourselves, our organizations and our society. 

Perry Carpenter: And with that, thanks so much for listening. And thank you to my guests - Anna Collard, Michael Davis, and Jasmine and Yvonne Eskenzi. I've loaded up the show notes with more information about today's guests as well as all the relevant links and references to the information that we covered today. So be sure to check those out. If you've been enjoying "8th Layer Insights" and you want to know how you can help make the show successful, there are, as always, two big ways you can do so, and both are still super important. 

Perry Carpenter: First, if you haven't yet, go ahead and take just a couple seconds to give us five stars and to leave a short review on Apple Podcasts or Spotify or any other podcast platform that allows you to do so. That helps other people who stumble on the show have the confidence that this show is worth their most valuable resource - their time. And the second big way that you can help is by telling someone else about the show. Word-of-mouth referrals are priceless. They are the lifeblood of helping people find good podcasts. And if you haven't yet, please go ahead and subscribe or follow wherever you like to get your podcasts. If you want to connect with me, feel free to do so. You can find my contact information at the very bottom of the show notes for this episode. 

Perry Carpenter: This show was written, recorded, sound-designed and edited by me, Perry Carpenter. Artwork for "8th Layer Insights" is designed by Chris Machowski at ransomwear.net - that's W-E-A-R - and Mia Rune at miarune.com. The "8th Layer Insights" theme song was composed and performed by Marcos Moscat. Until next time, I'm Perry Carpenter signing off.

8th Layer Insights
Podcast Info
HOST(S):
Perry Carpenter
Perry Carpenter currently serves as Chief Evangelist and Strategy Officer for KnowBe4, the world's most popular security awareness and simulated phishing platform. He's an award-winning author, security researcher, and behavior science enthusiast. Previously, Perry led security awareness, security culture management, and anti-phishing behavior management research at Gartner, in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies.
Schedule: Tuesdays (biweekly)
Creator: Perry Carpenter
ADVERTISEMENT
KnowBe4
KnowBe4

What really makes a “strong” password? And why are your end-users tortured with them in the first place? How do hackers crack your passwords with ease? And what can/should you do about your authentication methods? Password complexity, length, and rotation requirements are the bane of your end-user experience and literally the cause of thousands of data breaches. But it doesn't have to be that way! Join Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, for a live webinar to find out what your password policy should be and learn about the common mistakes organizations make when creating password policy. Register today.