In this episode, Michael Fortune joins Chris Hadnagy and Ryan MacDougall. Michael is the Security Behaviours Team Manager for British Telecom (BT) UK. Michael has been with BT for an amazing 22 years, where he is currently BT’s expert on security behavior, insider threat behavior, and social engineering, and helps guide the business around these risks. With over 160 thousand employees across the globe in his charge, Michael helps run a team of experts who support and drive security programs for the company. July 19, 2021


Ep. 150 – Security Awareness Series – Getting Senior Management Buy-In With Michael Fortune



Enjoy the Outro Music? Thanks to Clutch for allowing us to use Emily Dickinson as our new SEPodcast Theme Music


Show Notes


00:00 – Intro 

CLUTCH

03:37 – Michael Fortune Intro

05:22 – Michael’s Path – how has your background in psychology helped with cyber and information security?

06:10 – Have you been able to use psychological principles in education?

07:27 – How do you keep education engaging for 160,000 people?

10:07 – Top-down approach

12:51 – You are essentially performing an SE gig in order to get an SE gig

14:03 – What’s your ruleset?

15:59 – Senior Management Buy-In – people are afraid of doing that so they don’t do it. How do you approach that?

19:08 – Where is the ethical line in using social engineering to get buy-in?

21:21 – Explaining to upper management the repercussions of not doing this training

22:52 – Were your CISO and Director of Protections always on board or did you have to convince them? 

25:56 – What have you learned from your hundreds of thousands of SMishing attacks under your belt?

29:18 – Advice about getting buy-in from the top down can work for any size company

30:30 – When you talk about personalizing the sessions that you do, do you personalize to the department? 

33:05 – Following through with a good program

36:24 – The idea is to get people to do it

36:38 – What colleagues do you respect most in the industry? 

  • Steve Benton – Deputy CISO at BT 
  • Chris Hadnagy

39:22 – What are some action steps that corporations should start doing right now?

42:00 – Experience is everything

42:40 – Book Recommendations

44:48 – You need patience because a human being is different and complex

45:13 – Michael Fortune on the internet: [email protected]
