Why do well-meaning employees still ignore security rules? In this topic, we explore the psychology and usability challenges that explain why users make the decisions they do when it comes to cyber security. Despite training, policies, and best intentions, compliance isn’t always guaranteed, especially when security measures clash with productivity or convenience. You’ll uncover the subtle forces that shape behaviour in the workplace, from poorly communicated policies to systems that are too cumbersome to follow. We'll examine how usability, clarity, and motivation influence whether people comply, or consciously cut corners. Drawing on real-world examples, you'll gain insight into the push-and-pull between security and usability, and how to design better strategies that drive the right behaviours. By the end of this module, you’ll be able to identify why people don’t comply, and how to reframe your organisation’s approach to turn compliance into a shared goal, not a forced obligation.

Traditional security awareness training often falls short, overloaded with rules, poorly contextualised, and quickly forgotten. In this topic, we challenge the status quo and explore how to reimagine cyber training to genuinely influence behaviour and embed a culture of security across the workforce. You’ll examine how engaging content, meaningful delivery, and psychologically informed strategies can transform passive awareness into active vigilance. We'll explore how to shift mindsets, shape perceptions, and create organisational narratives where every employee understands their role in defending against threats. Whether you're refreshing a legacy program or building one from scratch, this topic will give you the frameworks and ideas needed to drive real change, from compliance to culture.

Cyber security decisions are never made in a vacuum. They are shaped by complex ethical and legal obligations that require us to balance innovation, privacy, and accountability. In this topic, we explore the layered risks that emerge when human judgement intersects with data protection, regulatory frameworks, and moral responsibility. You’ll examine how biases, assumptions, and workplace cultures can skew risk assessments, sometimes unintentionally exposing organisations to breaches of trust, law, and reputation. We’ll unpack what ethical data use really looks like, and how to build systems and cultures that hold people and organisations accountable. By the end of this module, you’ll be able to navigate the grey areas of cyber decision-making with greater clarity and confidence, essential for shaping secure, compliant, and ethically sound environments.

Security doesn’t have to come at the expense of usability. In fact, when systems are hard to navigate, people find workarounds, introducing risk. In this topic, we explore how user-centric design can transform security from a barrier into a seamless part of the user experience. You’ll learn to view interfaces through a human lens, rethinking how authentication, permissions, and alerts are presented to end-users. By applying UX principles to security design, we can build systems that not only protect but also support and guide user behaviour. This module will challenge you to put people first in your security strategy, crafting experiences that are intuitive, accessible, and aligned with how users actually think and behave.

As the lines between work and home continue to blur, organisations need a fresh, people-first approach to managing security and privacy. In this topic, we’ll explore how to embed security and privacy into the DNA of everyday business practice, not just as technical controls, but as cultural imperatives. You’ll examine what it takes to build a privacy-first culture, where individuals are empowered, not burdened, by secure practices. We’ll look at how organisations can align KPIs and performance incentives to security outcomes, making accountability tangible. And, we’ll consider how to support employees in managing cyber risks across both professional and personal environments. Cyber security is no longer a workplace add-on, it’s a core life skill. This topic will help you lead that shift, from policy to practice.