A Successful Security Strategy Is All About Relationships. Here’s How to Build Them.
Security efforts are not limited to security teams. High impact strategies need to engage everyone from employees to the board of execs, DevOps teams and IT. Learn how to become not just an effective partner but a trusted advisor across an organization.
Your Legacy Phishing Solution Isn’t Enough to Protect Your Organization
CISO Josh Yavor explains why legacy phishing solutions aren't effective in preventing successful attacks, and what you can do about it.
9 Things I’ve Learned Writing Phishing Emails
Ethical hacker Craig Hays explains why copywriting, timing, and context are all essential "ingredients" in crafting a phishing attack.
Employee Burnout Will Probably Cause Your Next Data Breach
Understanding how stress impacts cybersecurity behaviors could significantly reduce the chances of people’s mistakes compromising a company’s security.
Stateful Machine Learning is Our Best (And Only) Bet
Traditional machine learning methods that are used to detect threats at the machine layer aren’t equipped to account for the complexities of human relationships and behaviors across businesses over time. There is no concept of “state” — the additional variable that makes human-layer security problems so complex.
How Easy Is It to Phish?
You don't have to be tech savvy to become a "hacker". This blog outlines how to create a phishing campaign, and was designed to help security leaders protect their organizations.

Explore Human Layer Security.

Human Layer Security is an online magazine about the changing world of cybersecurity.

We bring security, business, compliance, and risk leaders together, and are creating a community of industry trailblazers who want to share new ideas and best practices.

People are the focus here, and we welcome contributions related to social engineering, security culture, training, and insider threats.

Human Layer Security Champions

Our Contributors

  • Josh Yavor

    Chief Information Security Officer, Tessian
    Josh is CISO at Tessian, leading information security, threat intelligence, and security research. Most recently he served as CISO for Cisco Secure and led cloud security for Duo Security, with earlier stops at Facebook, Oculus, and iSEC Partners. Josh is an aspiring woodworker and recovering middle school teacher.
  • Dr. Karen Renaud

    Chancellor's Fellow, The University of Strathclyde
    Dr Karen Renaud is an esteemed Professor and Computing Scientist from Abertay University whose research focuses on all aspects of Human-Centred Security and Privacy. She's especially interested in the interplay between users and security in the context of societal and industrial use, and her goal is to improve the boundary where humans and cybersecurity meet.
  • Bobby Ford

    CSO at Hewlett Packard Enterprise
    Bobby Ford is the Senior Vice President and CSO at HP and former CISO at Unilever and has held senior security leadership titles at organizations across industries, including government, consumer goods, healthcare, and now technology. And, having secured organizations with hundreds of thousands of employees, he truly knows how to implement successful security strategies at the enterprise level.
  • Tim Sadler

    Co-Founder and Chief Executive Officer, Tessian
    Tim is the CEO and co-founder of Human Layer Security company Tessian. He leads the company to achieve its mission of securing the human layer and empowering people to do their best work, without security getting in the way. Since 2013, Tim has raised $127m from leading VC funds and grown the company across the UK and US.
  • Jenny Radcliffe

    Social Engineer and Podcast Host
    Jenny Radcliffe is a world-renowned social engineer and podcast host who was recognized as one of the Top 25 Women in Cyber in 2020 by IT Security Guru. She's a go-to guest expert on the human element of security, and is a sought-after keynote speaker on all things related to scams, cons, and hacks.
  • James McQuiggan

    Security Awareness Advocate at KnowBe4
    James is a Security Awareness Advocate at KnowBe4, where he trains and engages with employees and security leaders about the importance of security awareness training. He also teaches Identify Security at a collegiate level and is the Education Director for the Florida Cyber Alliance.
  • Jeff Hancock

    Professor of Communication, Stanford University
    Jeff Hancock is the Harry and Norman Chandler Professor of Communication at Stanford University. He's well-known for his research on how people use deception with technology, and his work has been published in over 80 journals.
  • Dr. Eric Cole

    Cybersecurity Consultant
    Dr Eric Cole is a former CIA hacker, and an industry-recognized expert with over 20 years of hands-on experience. He provides cybersecurity consulting services and has been an advisor to clients including the Obama family, Bill and Melinda Gates, and many Fortune 500 companies.
  • Craig Hays

    Ethical Hacker
    A self-confessed security architect by day, bug-bounty hunter by night, Craig is an ethical hacker, and an expert on phishing, psychology and persuasion. He’s the curator of the Bug Bounty Toolkit and the OSINT Toolkit, has his own website (and newsletter), and is a regular contributor to Medium.
  • Charles Brook

    Threat Intelligence Specialist, Tessian
    Charles is a Threat Intelligence Specialist with a strong background in providing threat analytics for managed security services. He also has experience working with threat monitoring teams to build security-focused use-cases aimed at monitoring network data for indicators of compromise, and is passionate about tracking security trends.
  • Ed Bishop

    Co-Founder and Chief Technology Officer, Tessian
    Ed is the Chief Technology Officer and co-founder of Human Layer Security company Tessian. He is responsible for leading the engineering, product and data science teams. Following a career in M&A, Ed co-founded the company and built the early platform which uses machine learning to protect people from risks on email like data exfiltration, accidental data loss and phishing.
  • Dr. Marc Dupuis

    Assistant Professor, The University of Washington Bothell
    Dr Marc Dupuis is an Assistant Professor within the Computing and Software Systems Division at the University of Washington Bothell. He also specializes in the human factors of cybersecurity, primarily examining psychological traits and their relationship to the cybersecurity and privacy behavior of individuals.
Have Something to Say?

Share Your Tips and Hot Takes!
We know the #1 source of information for security leaders and practitioners is... other security leaders and practitioners. That's why all of our content is crowd-sourced from the security community. We want to hear from you!