Security That Sticks: Shaping Human Behavior – Nicole Jiang, Rinki Sethi – BSW #418
As the Verizon Data Breach Investigations Report has stated year after year, most breaches start with human error. We've invested a lot in Security Awareness and Training and Phishing solutions, but yet human error is still the top risk. How do we actually reduce human risk?
Rinki Sethi, CSO at Upwind Security, and Nicole Jiang, CEO of Fable Security, share why human risk management is the next frontier for security—and how platforms like Fable Security deliver personalized nudges that help employees build safer habits and stay ahead of threats. Solving human risk starts by changing human behavior. Learn how advancements in Artificial Intelligence (AI) and the application of adtech principles (targeted, personalized, A/B-tested messages delivered when they’re most relevant) are delivering faster, more effective behavior change that lasts.
Segment Resources: Five must-haves of modern human risk management: https://fablesecurity.com/ebook-five-must-haves/ Starter RFP for modern human risk management: https://fablesecurity.com/starter-rfp-for-modern-hrm/
This segment is sponsored by Fable Security. Visit https://securityweekly.com/fable to learn more about them!
In the leadership and communications segment, Inside the CISO Mind: How Security Leaders Choose Solutions, 2026 Leadership Strategy: Mastering Agility and Anticipation for Better Decisions, The Most Human, Strategic, Sought-After Tool in Leadership, and more!
Nicole Jiang is the co-founder and CEO of Fable Security, the human risk platform that shapes employee behavior in real time. She was previously a founding team member and Head of Product at Abnormal Security, where she scaled the company from pre-revenue to a $5B valuation. Earlier in her career, Nicole held product and engineering roles at Mixpanel, Microsoft, Palantir Technologies, and Pixlee, building products across AI, SaaS, and security. She holds an engineering degree from the University of Waterloo.
Rinki Sethi is the CSO at Upwind Security, where she leads global Information Security and Technology functions while driving strategy across marketing, go-to-market, and customer engagement. She previously served as CISO at Rubrik, Twitter, and BILL, and held leadership roles at PG&E, eBay, Intuit, and Palo Alto Networks. Beyond her executive roles, Rinki advises startups and serves on boards including ForgeRock. She is also a strong advocate for diversity and mentorship in cybersecurity, actively supporting organizations like Women in Cybersecurity.
Don't miss InfoSec World 2025 — October 27 to 29 at Disney’s Coronado Springs Resort! Cybersecurity pros, workshops before and after, and endless networking. Save 25% with code ISW25-SW at securityweekly.com/ISW2025!
Matt Alderman
- How New CEOs Can Build a Strong Alliance with Their Board Chair
Boards select CEOs for their vision and abilities. But once you step into the top job, your task is to turn the directors’ belief in you into operational reality. This starts with building better alignment with your chair. You can do so in eight ways: establish shared values and cultural norms early; deepen your agreement on strategic direction; clearly define roles and responsibilities; understand your respective leadership styles and motivators; establish robust communication protocols; create transparent decision-making and escalation processes; commit to regular performance feedback discussions; and consider creating a CEO-board charter.
- Inside the CISO Mind: How Security Leaders Choose Solutions
The cybersecurity market has never been more crowded. Every week, a new company claims to solve the latest threat, while others quietly vanish or are absorbed. The vast majority of these companies are targeting the same role within their ideal customers: the Chief Information Security Officer, or CISO. For them, this abundance doesn’t mean choice but noise. Meanwhile, CISOs themselves operate under intense pressure: limited bandwidth, career risk, burnout, and the enormous cost of switching solutions if they make the wrong call.
- Cyber resilience: Moving beyond prevention to boost security
Companies can’t prevent every cyber incident and so being able to minimize the impact is just as, or even more, important as preventing incidents from happening in the first place. The focus shouldn’t be: "How do we stop every attack?", but rather: "How do we survive any attack?"
This is cyber resilience in practice: an organization’s ability to minimize the impact of a significant cyber incident on its primary goals and objectives.
- Agility vs. Anticipation: 2026 Leadership Strategies for Smarter Decisions
We don’t live in an either/or world. We live in a both/and world.
This truth applies to how we lead, how we innovate, and most importantly, how we make decisions. Agile leadership is essential today, but as I’ve said before, agility alone is not enough.
It’s time to thrive better in a world of constant disruption. Leaders of today must combine business agility with something even more powerful: Anticipatory decision-making.
- Why Clear Leadership Beats Cutting-Edge Productivity Tools
Strong leadership, not technology, is the real driver of team performance and organizational success.
- The Most Human, Strategic, Sought-After Tool in Leadership
Where do you sit on the AI spectrum? Excited, anxious, or somewhere in between? Whether you’re drafting emails with ChatGPT or wondering if automation will replace half your team, one thing is clear: technology is accelerating faster than most organizations can keep up. And while the conversation around artificial intelligence dominates the headlines, there’s a quieter truth emerging in the workplace: The skills that matter most right now aren’t technical. They’re human.
