Hackers x Humans: EP 3 - Human Risk Management with Oz Alashe

January 13, 2026
Ross Lazerowitz
Co-Founder and CEO
Listen on: Spotify and Apple Podcasts


In this episode of Hackers & Humans, I sat down with Oz Alashe MBE, CEO and founder of CybSafe, former UK Special Forces Lieutenant Colonel, and chair of the UK government's Cyber Resilience Expert Advisory Group. We tackled one of the most confusing and contentious topics in cybersecurity right now: Human Risk Management (HRM).

The goal was simple: by the end of our conversation, we wanted a clear, single-sentence definition of HRM. No vendor washing. No buzzwords. Just clarity and simple ways to get started.

We covered the evolution from security awareness training to behavior-driven risk reduction, why nudges work (and when they don't), and how to avoid turning your security program into a power trip that wastes everyone's time.


Watch (or listen) to the full episode to hear us break down:

  • What HRM actually is — and why it's fundamentally different from security awareness training
  • The behaviors that matter most — from phishing and password hygiene to GenAI misuse
  • Why training doesn't equal behavior change — doctors smoke, speeders take awareness courses, and your users will still click links
  • The science of nudges — what they are (hint: not just notifications), when they work, and how they can become "sludge"
  • Common mistakes organizations make — like treating phishing simulations as a power trip or forcing training on people mid-workday
  • How to get started with HRM — beginning with the end in mind and working backward from risk outcomes
  • Why "workforce security" is just another term — and why fixating on labels misses the point

Oz also shared insights from CybSafe's peer-reviewed academic research on HRM, which identified three schools of thought in the industry: those who see it as rebranded security awareness, those who view it as awareness-plus-integrations, and those (like CybSafe) who believe it's a fundamentally different, data-driven approach focused on measurable behavior change.

If you're trying to move beyond checkbox training and actually reduce human-driven risk in your organization, this conversation is a must-listen.



Chapters

00:13 Introduction to Oz Alashe and Human Risk Management

04:18 Defining HRM: Data, Behaviors, and Real-Time Interventions

09:18 Why You Can't Just Block Everything

15:33 The Science of Nudges vs. Sludge

21:44 Common Deployment Mistakes and War Stories

27:27 Getting Started: Behaviors, Metrics, and Risk Appetite

34:45 Free Resources and the Security Behavior Database

36:31 Workforce Security and the Great Terminology Debate

41:01 Where to Find CybSafe and Connect with Oz