Same words, different worlds
Dear renegades, mavericks, and deviants,
The human side of cybersecurity is a problem. As in, what it actually means.
…Because it’s such a multifaceted kaleidoscope of issues.
I know I’m not reinventing the wheel here (by which I mean I know you’re already aware of this) but after I gave a talk recently, three – smart – people chatted to me about the “human side” of cybersecurity, and it really brought it to light.
- One meant developer practices
- One meant culture and leadership
- One meant everyday user behavior
You see it, right?
The words are the same, yet the meanings are worlds apart.
'The people bit' is a security discipline in its own right, and is relevant to so many different industries.
But we’re in danger of talking past each other.
The “human side” (or indeed “human factors”, or “the human aspect”… the people bit) is useful as a direction, but opaque as shorthand. Because, depending on your angle, it can mean so many different things (six, to my mind).
The human side can mean:
- Observed behavior – i.e. what people actually do. (Password reuse, MFA, data handling, reporting, safe AI use.)
- Context and conditions – why they do it. (Culture, incentives, friction, workload, psychological safety, peer norms.)
- Management responses – how we address it. (Programs, policy, campaigns, automation, measurement, feedback loops.)
- Human–tech and AI – where people and intelligent systems meet. (Roles, oversight, prompt hygiene, guardrails, trust.)
- Security workforce, security and risk expertise, and leadership – the people doing the work. (Capacity, skills, team health, collaboration, resilience.)
- Governance, ethics, and accountability – ownership and trust. (Who decides, what is transparent, where privacy lines sit.)
None of these domains is the “right” (or indeed “wrong”) classification – all of them are very much human aspects of cybersecurity. My point is that we can easily be at cross purposes, without even realizing it. And that’s not productive.
When you talk about human factors/the human aspect/the human side – what do you mean?
I’ve put my full thinking on this in a short blog. It spells out the six domains, common blind spots, where CybSafe sits, and ways to keep your conversations productive.
If you want to map your current priorities across the six domains, book time with me and we’ll chart a course.
— Oz A