Episode 75

full
Published on:

9th Jul 2025

Human Risk Intelligence: Is Behavioural Data the New Defence?

How do we measure and manage the human element of cyber risk beyond technology and basic security training?

Welcome to Razorwire, where we uncover what really matters in cybersecurity. I’m James Rees and in this episode, talking about the world of human risk intelligence with Flavius Plesu, Founder and CEO of OutThink. We'll question whether staff really are the 'weakest link' and instead explore how understanding real human behaviour can turn your workforce into a formidable security asset.


For too long, information security has focused almost exclusively on technical controls, but sophisticated attacks today often exploit human decision-making more than any firewall. Flavius draws on his experience as a CISO and innovator, sharing first-hand insights into how organisations can predict, quantify and actively manage risk stemming from their staff. We discuss psychological profiling techniques that identify high-risk individuals, methods for engaging employees in security and balancing monitoring with trust when using behavioural analytics. If you want to future-proof your security posture, this episode is essential listening.


3 Key Talking Points:

  • Why traditional security awareness strategies fall short - and what truly effective human risk management looks like: Learn why measuring click rates and running generic training programmes leaves you blind to real human risk, and discover how behavioural science and crowdsourced intelligence can finally give you the visibility and control you need.
  • Real world examples of predicting and preventing insider threats - before damage is done: See exactly how banks and enterprises use psychographic segmentation and statistical models to identify risky patterns in their workforce, and understand the practical steps to transform your incident response from reactive to predictive.
  • Navigating the ethical line: how to balance security monitoring with employee privacy and trust: Master the delicate balance between effective security monitoring and employee rights, learning how transparency-driven design and GDPR-compliant approaches can turn potential resistance into active security partnership across your organisation.

Ready to rethink the human side of cyber risk? Tune in to this Razorwire episode and sharpen your defences from the inside out.



On Moving Beyond Traditional Training: 

"Something like 90% of users admitted to bypassing security controls… with full knowledge that they're introducing additional risk to the organisation. So the idea that training would be enough, just train them, they'll get it. It's a bit naive."

Flavius Plesu


Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


In this episode, we covered the following topics:

  • The Evolution of Human Risk in Cybersecurity Learn how the industry's shift from purely technical controls to recognising human factors is reshaping security strategy and why this change is essential for modern organisations.
  • Defining Human Risk Intelligence Understand what human risk intelligence actually means and discover how organisations can quantify and predict human behaviour to strengthen their cybersecurity posture.
  • The Shortcomings of Traditional User Training Discover why legacy approaches like annual training and click-through tests fail to address real world human risk and what you should be doing instead.
  • Accidental vs. Malicious Insider Threats Explore the full spectrum of risky behaviours your organisation faces, from unintentional mistakes to deliberate attempts to circumvent controls, and how to address each type.
  • Behavioural Segmentation and Psychographics Learn how psychographic profiling and behavioural analysis can help you identify risk tendencies in your workforce and tailor security interventions accordingly.
  • Crowdsourced Security Intelligence See how to leverage collective workforce insight to detect risks that traditional security teams miss, turning your employees into valuable intelligence sources.
  • Storytelling in Incident Response Understand why analysing chains of behaviour, rather than isolated events, is crucial for predicting and preventing future security incidents.
  • Predictive Modelling for Proactive Security Discover how combining multiple risk indicators enables you to anticipate and prevent security breaches before they occur, moving from reactive to proactive security.
  • Balancing Security Monitoring with Privacy Navigate the ethical and practical challenges of user monitoring, particularly around GDPR compliance and maintaining employee trust.
  • Cultivating a Security-Conscious Culture Learn strategies for engaging users constructively, transforming them from compliance-focused participants to active partners in your organisation's security efforts.


Resources Mentioned


Connect with your host James Rees


Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.


Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.


Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com


All rights reserved. © Razorthorn Security LTD 2025

All Episodes Previous Episode

Listen for free

Show artwork for Razorwire Cyber Security

About the Podcast

Razorwire Cyber Security
Real conversations helping cybersecurity professionals sharpen their insights, strategy & leadership skills.
🔒 Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge.

Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends.

Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement.

Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development.

James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cyber risks effectively while strengthening resilience.

The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it.

For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.