Yenni Tim
[UNSW Australia]
Dr Yenni Tim is an Assistant Professor at The University of New South Wales in Sydney, Australia.

She is a strong advocate for high impact research and education.

In the past six years, Yenni has conducted over 40 research studies with organisations and communities around the world to investigate both the enabling power and unintended consequences of technologies, and has since developed research interests in the fields of analytics and cybersecurity.

Her research on cybersecurity focuses on the human factors.

She works with industry experts to perform action design research to develop data-informed understanding and measures on cybersecurity awareness and behaviours. In her research, she also drives measurable changes through the design of behavioural interventions and proofs-of-concepts.

Using data and machine Psychology of Infosec learning to improve your phishing resilience and education program

Technical Level (3 being the highest score): 1

Many organizations have recognised the benefits of implementing security education and awareness programs around phishing however they can struggle with measuring education and awareness impact and making improvements.

Join us in this session to go beyond standard phishing simulation platform use and learn tips on how to use data and analytics to find meaningful relationships to better understand human behavior and phishing susceptibility.

First, we’ll show you how a large insurance company partnered with a university to analyze over two years of phishing simulation data with machine learning and data analytics techniques. We’ll also discuss what we learned about industry x university collaboration in security and the benefits and challenges for both parties in this collaboration.

Using the data and interviews with employees to understand human behavior we discovered some surprises along the way in how and why our employees are susceptible to phishing attacks. Based on this analysis, we developed a method to model and predict groups in our organization who would be susceptible to future simulations, so we could further develop targeted campaigns.

Wrapping up the session, we’ll cover lessons learned derived from both insiders’ and researchers’ perspectives, based on our experience in running monthly phishing simulations across three countries in two languages, to over 17,000 employees for over two years.

And finally, you’ll walk away with actionable insights and tips on what doesn't work in machine learning and phishing data analysis and how to improve your own organization’s resilience.

Secure your place now!