Security from a Human perspective

Recruitment / Security from a Human perspective

Matthew Wheeler

Matthew Wheeler
November 25, 2015

Security has always been a complex market to understand, having recruited into this sector for over 20 years I have spoken to many contacts over the years who are experts.

For me, the security market can be broken down into 3 simple categories:

  • Human

  • Network

  • Application

It's a very simplistic view I know, but keeps things relatively simple especially when bringing a new member into my team and getting them up to speed in terms of security overviews. 

Security from a Human perspective.

There are numerous routes to securing your Network or Applications, some far better than others. The ease of the process, although challenging from a technical perspective, is still relatively simple. You are telling a machine/programme what to do, giving it a layer of commands or checks to run with some verifications. It either does it or doesn’t do it. Humans are not machines, we have minds and make choices (all be it not the right one all the time). So no matter how much you educate people in security, make them aware of the risk, there is always a chance of human error.  

In a recent report from CompTIA, they described a simple experiment where they left 200 USB Sticks out in “high traffic” zones to see what would happen. All USB’s were picked up, they were preprogramed to ask the user to send an email to researchers of which 17% of people did. Now, bearing in mind that this is only the percentage of people who actually authorised the email to be sent, I’d bet a fairly large sum on the fact a very high number (if not 100%)  plugged them in to some form of network (be it home or corporate). If you start taking in to account the natural inquisitiveness that is inherent in all humans, the risks entailed just continue to increase.

So are Humans the weakest link in the 3 parts of Security weakness? From the above you would have thought so – but in my opinion it’s our unpredictability that makes us a slightly harder target than a router, or piece of software, that ultimately relies on a 1 or 0.

In the next blog, I’ll run through the Network side and Endpoint Security. I’ve included Endpoint in this area as it’s coming back strong, with smart devices and so many new ways to connect to the corporate network the risk is escalating.

To find out more about my take on the security market please contact Matthew Wheeler on 01628 857333 or

Back to Insights

What to read next