The human element of security is one of the most difficult to predict and therefore to secure. Additionally, one of our biggest challenges is building a security awareness program for those who may have never been subjected to one by understanding the aversion to buying into the security program. We have great written resources and guidance from things like NIST 800-53, but it’s much more challenging to overcome the sociological elements of the human factor that prevent success of security-aware cultures, such as aversion to technology, fear, uncertainty, doubt, and simply non-malicious human error. As security professionals, we may lose sight of the fact that the professionals we support also have other jobs. So learning and focusing on security controls can be stressful and daunting.

Incorporating change management methodologies rooted in the psychology of human behavior, such as ADKAR (Awareness, Desire, Knowledge, Ability, and Reinforcement), can assist us as security professionals in facilitating more impactful cultural change through understanding why employees we support act and react the way they do and what other environmental or social factors may influence their decision-making and thought processes. It can also help us gain buy-in from our leadership, nudging from the bottom up, while leading by example from the top down.

The ADKAR change model has been proven to help individuals understand and accept change so companies can successfully innovate and become more efficient. As security professionals, we have to be conscious that security program costs contribute to the rising costs of healthcare, goods, and services. And we often have to find unique and strategic ways to ingrain ownership of security functions within other departments to augment our limited resources. Building a security ambassador program using these change facilitation concepts will help drive cost-effective ownership of the security program throughout the entire organization, creating a deeper business resilience, reducing risk, and truly leading by example—proving we are stronger together.
Register
Speakers
speaker photo
Krista Arndt
Associate CISO, St. Luke's University Health Network

Krista Arndt is the Associate CISO at SLUHN. As the ACISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
 
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
 
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.