Humans are Awesome at Risk Management

We often model other humans as one-dimensional caricatures – because it’s efficient for our brain to do so; because it’s hard to think in a different mode than our own; because we don’t see ourselves as the villain in our own story. To be effective partners in our organizations, we have to understand not only how this affects other people, but how it affects ourselves; and then rewire our behavior to move past these caricatures and have dialogues that change behavior, not just reinforce stereotypes.

It’s a trope among security professionals that other humans – mere mundanes – don’t ‘get’ security, and make foolish decisions. But this is an easy out, and a fundamental attribution error. Everyone has different incentives, motivators, and even perceptions of the world. By understanding this — and how the human wetware has evolved over the last fifty thousand years or so — we can redesign our security programs to better manipulate people.

This talk has gone through a lot of changes over the decade I’ve been giving it, and has shown up in a number of venues, including keynote stages on five different continents (I still need to collect Africa and Antarctica). It has gone through five major iterations:

  • Managing Risk with Psychology / Herding Lizards (2012 – 2013)
  • Cognitive Injection (2013 – 2017)
  • The Impending Complexity Apocalypse (2018)
  • Humans are Awesome at Risk Management (2019 – 2020)
  • Human Decision-Making in the Era of Coronavirus (2020 – 2021)
  • Understanding Decision Making (2021 – )

Reading List

I’ve formed my opinion about how the human brain works with the assistance of some great contributors. Some of them are humans I hang out with, but many of them are authors and researchers; in the interest of helping others come to the same, or better, understanding, here’s a short reading list:

  • Daniel Kahneman; Thinking, Fast and Slow
  • Gary Klein; Sources of Power
  • James Reason; Human Error
  • Atul Gawande; The Checklist Manifesto
  • Christopher Chabris and Daniel Simons; The Invisible Gorilla
  • Sam Peltzman; “The Effects of Automobile Safety Regulation”, Journal of Political Economy, 1975. (see also: The Peltzman Effect)
  • Tom Vanderbilt; Traffic

Related Content

Recorded Versions

Brilliant Labs 2021: Risk at the Margin
TacticalEdge 2020: Human Decision-Making in the Era of Coronavirus
Business of Software 2019: Humans are Awesome at Risk Management
RSAC 2019: Humans are Awesome at Risk Management (slides + audio)
HBS Digital Initiative 2018: Impending Complexity Apocalypse (13 min. version)
SourceBoston 2015: Cognitive Injection
ShowMeCon 2014
DerbyCon 2013: Cognitive Injection
SOURCE Boston 2013: Herding Lizards
RSAC 2013: Managing Risk with Psychology
SecZone 2012: Herding Lizards / Pastoreando Lagartos (first 3 minutes are in Spanish)