DLA | 6 months ago

I think this work is great and well overdue in defensive ops. Great work!

kaolay | 6 months ago

Thanks for the kind words in the comments! I’m thrilled to see the interest in this interdisciplinary approach to tackling human-centric cyber risks, which account for 85% of breaches. The CPF’s focus on pre-cognitive vulnerabilities—like authority-based biases (e.g., Milgram’s obedience exploited in CEO fraud) or temporal pressures (e.g., urgency-driven errors)—aims to predict and mitigate risks before they’re exploited.

The ternary scoring system (Green/Yellow/Red) was designed to make actionable insights accessible to security teams, even those without deep psychology expertise. For example, we’ve mapped how group dynamics (Bion’s theories) can lead to security blind spots in high-pressure teams.

I’d love to hear from the HN community: Have you seen psychological vulnerabilities play a role in security incidents in your orgs? What approaches have you tried to address them? We’re also looking for pilot partners to test CPF in real-world settings—details at https://cpf3.org or https://github.com/xbeat/CPF. Happy to answer any questions!