The Human Side of Cybersecurity: Q3 To The Point Podcast Recap

Cybersecurity is often discussed as a technical challenge, but it’s a human one too. In recent episodes of our To The Point Cybersecurity podcast, we were joined by brilliant guests who described how and why the future of cybersecurity hinges on people and processes.

Strengthening the human element is often the best way to strengthen cybersecurity, whether that means understanding cognitive biases, fostering operational cultures that think like adversaries, or building bridges between technologists and policymakers.

Here's a quick overview of some of our most relevant episodes from Q3 of this year:

Breaking Down the Human Side of Advanced Cyber Attacks and Social Engineering with Margaret Cunningham - Ep. 337 and Ep. 338

Technical Director for Security and AI Strategy at Darktrace Dr. Margaret Cunningham is passionate about the ever-evolving intersection of people and technology. Voice spoofing and deep fakes, which leverage accessible personal data and psychological cues, can increasingly be carried out with zero technical skills on the side of the bad actor. This makes a strong defense posture more important than ever. But, in Dr. Cunningham’s words, “just as you wouldn’t use a chainsaw to slice a piece of bread, we need to make sure the tools being chosen for security actually work for the humans using them.”

Cunningham also detailed the importance of anomaly-based behavioral analytics, tensions around data collection ethics, and the crucial role that transparency, process redesign and human-centric security play in defending against modern threats like Scattered Spider.

In part two, Dr. Cunningham shared actionable insights on how to meaningfully assess the performance of security teams, including not just focusing on what goes wrong and moving beyond the need to boil the ocean. Additionally, she discussed how to maintain human expertise amid automation. Many AI natives over-trust the technology, while experienced professionals harbor outsized skepticism; a dynamic that requires careful calibration.

Pen Testing to Red Teaming: Greg Hatcher Explores Cyber Maturity and Defending Against AI Attacks - Ep. 331

Co-founder of White Knight Labs, Greg Hatcher, draws a sharp line between humans and technology, contrasting short, tool-heavy pen tests and “low-and-slow” red teaming built around business impact. He described how his team starts with reconnaissance and social engineering—clipboards, hard hats, convincing vendor pretexts—then pursue persistence: cloning badges, testing physical entry, and mapping how an adversary could quietly harm revenue, brand, or operations. The point isn’t noise; it’s realism, rooted in disciplined leadership and an adversary mindset that exploits human trust.

Hatcher also detailed what it looks like for bad actors to run insider-threat assessments that embed a “new hire” with standard access to pursue real objectives like accessing PHI/PII, moving dollars, or adding backdoors to a CI/CD pipeline—revealing control gaps without theatrics. With supply-chain compromises and insecure LLM agents bypassing traditional defenses, he argues compliance is the floor, not the ceiling: adopt flexible AI policies, enforce tight RBAC, and tailor defenses to your crown jewels. Speak to executives in dollars and brand, then build culture and muscle memory to match.

Closing Cybersecurity Blind Spots: Civic Engagement and Policy Innovations with Betsy Cooper - Ep. 336

Founding director of the Aspen Policy Academy, Betsy Cooper, offers insights on engaging with legislators, including putting the bottom line up front. Many policymakers lack deep cyber knowledge, so experts need to step up by identifying local security gaps (e.g., utilities without multifactor authentication). Despite the rapid pace of change, the basic skills that must be taught, from communication styles to how the government is structured, remain the same, with examples pertaining to new technology built over them.

Cooper also covered how AI is reshaping the threat landscape, what roles individuals and small businesses can play in shaping policy, and why now, more than ever, everyone’s voice matters in the digital conversation.  

Overall, these episodes remind us that the future of cybersecurity depends not only on the sophistication of our tools but on our collective ability to align human judgment, organizational culture, and ethical leadership.

To stay on top of all kinds of cybersecurity trends, tune into new episodes each week. They’re published every Tuesday. You can always listen to all the episodes on Forcepoint.com.

Or better yet, subscribe today wherever you get your podcasts via the links below:

• Apple Podcasts
• Spotify
• Stitcher
• Google Podcasts