GO PHISH
WE ‘ GO PHISHING ’ WITH ANNYBELL VILLARROEL , SECURITY AWARENESS & CULTURE MANAGER AT AUTH0 , WHO TELLS US ABOUT LIFE INSIDE AND
OUTSIDE THE OFFICE .
wWhat would you describe as your
most memorable achievement in the cybersecurity industry ?
I would say , creating the right kind of vulnerability . At our last company offsite , I gave a talk about how I was almost scammed by someone
pretending to be my phone company . When I put myself out there , it allowed others to be vulnerable and talk about their experiences too . In security , we ’ re often perceived as perfect people who know everything . I want to demystify that we ’ re people too , because it allows us to make people feel safe , connect with them on an emotional level , and ultimately build a security-conscious mindset that protects the business .
What first made you think of a career in cybersecurity ?
Growing up at a dangerous time in Venezuela , I was always in tune with physical security . When I came to Spain and took a job in developer support , I felt a lot of responsibility for keeping our customers safe too . I started to study security and take Pluralsight courses . At some point , I saw a really good phishing email and suggested a phishing test for employees , which had a 50 % success rate . I was offered a position in the security team to help train employees part-time , then proposed that culture and awareness could be a full-time role , which would not have been possible without the support of our leadership . All of this has contributed to my personal purpose to help people live more secure lives .
What style of management philosophy do you employ with your current position ?
When dealing with people , especially when it comes to security awareness , we have to focus on emotion , not rationality . Instead of asking employees to do something because there ’ s a consequence , we can show them
Instead of asking employees to do something because there ’ s a consequence , we can show them the benefit to doing it . the benefit to doing it . Speaking their language , building relationships , and having a win-win mentality builds trust . And I believe trust is more powerful than any technology or policy at mitigating human risk .
What do you think is the current hot cybersecurity talking point ?
I ’ m hearing a lot about insider threat , which refers to a security risk that comes from within a company like a current or former employee . Often these talks assume that people are the weakest link in the cybersecurity chain . What we don ’ t talk about enough is that www . intelligentciso . com
71