SPRITE+ Project Partner Spotlight – CybSafe
This article was edited by SPRITE+ Research Associate Dmitry Dereshev, with written responses and edits from Cybsafe’s Head of Behavioural Science Dr. John Blythe, CPsychol.
Today the spotlight is on SPRITE+ Project Partner CybSafe. I have recently interviewed Cybsafe’s Head of Behavioural Science Dr. John Blythe, and asked him to talk a bit about his role and Cybsafe's connection to SPRITE+.
A bit about you and your role:
How would you describe your job to a 12-year-old?
I help people protect themselves from online harms.
Criminals are becoming more and more intelligent. They are using many different ways to target people online, including scams and computer viruses. I find out why people fall victim to crimes using psychology. I then use psychology to develop new product features. This means that people can use technology safely and securely.
Could you describe what you do during a typical workday?
My workdays are quite varied. My department is part of the product team at CybSafe and we collaboratively work on new product features. I focus on the research and analysis within product development and the application of behavioural science.
Some days we use frameworks and theories of behaviour change and the evidence base to inform the initial product ideas. Other days we conduct user experience research to assess the usability and acceptability of our product. Part of my day also focuses on the research arm of CybSafe and the work we are doing with universities and the UK government on understanding and reducing susceptibility to cyber threats.
Could you describe a challenging project that you’ve recently worked on?
I am currently doing lots of research on personalisation for different audiences. One of the greatest (and recurring) challenges is communicating complex cybersecurity issues. Literacy skills and message fatigue are just some of the key barriers to people’s engagement with cybersecurity messages. Designing with this in mind is a challenge. I am interested in how we make cybersecurity more interesting, engaging and accessible for people.
What training/experience did you have at the start of your career?
My background is in Psychology and my early experience was primarily academic. I did my undergraduate in Psychology and then an MSc Occupational Psychology (at Northumbria University). I have always been interested in how people behave in the workplace and this led me to do a PhD in cybersecurity in the workplace.
How did you get into your current role?
I spent a few years doing different postdoc positions at Northumbria University and University College London and whilst I love doing research, I realised that the academic culture wasn’t a good fit for me. I like to see the impact of research so I spent some time working in the UK Government on behaviour change strategy and then started looking for a post where I could apply my behavioural science background to product development.
What do you wish you'd known when you started your career?
To me, it's the importance of your support network and not letting someone else’s opinion of you become your reality. I suffered badly from imposter syndrome because I let my critics get the better of me but don’t let the reviewer twos of this world stop you from doing what you are passionate about!
What would you recommend to people who want to follow in your footsteps?
From my experience, a lot of people who have finished their PhD cannot see how it applies to industry job adverts. However, the majority of PhD skills such as research methods and evidence synthesis are key skills that industries look for. My key recommendation is looking at how to remove the academic bulk we add to our CVs and focus more on skills, competencies and strengths you can bring to an industry role.
What one stereotype would you like to dispel about your job or industry?
There is a misconception and oversimplification that behaviour change is just about nudging people. There is a science to behaviour change that is beyond just reading the Nudge book. Cybersecurity behaviours are complex behaviours and have a wide range of cultural, social, environmental and individual causes which require a range of interventions. When we limit to nudging, we limit how much we can help people.
A bit about your involvement with SPRITE+:
How would you describe your company in relation to SPRITE+?
CybSafe is a cybersecurity and data analytics company focused on the influence and measurement of people-centric cybersecurity risk and resilience. We dedicate ourselves to helping organisations take an intelligent, data-driven approach to cybersecurity awareness, behaviour and culture. We are keen to explore security and privacy issues as they relate to organizational cybersecurity.
How do you hope to benefit from working with SPRITE+ network?
We are looking to support challenge areas that primarily focus on privacy, security and trust as it relates to human behaviour for end-users and decision makers. As we focus on mitigating human cyber risk in organisations, we are keen to explore challenges that may relate to awareness, behaviour and culture within organisations.
We are interested in hearing more about the great work by SPRITE+ members and helping to disseminate their findings to audiences who do not normally hear about it. We are also looking to collaborate with academics on research projects, particularly those who are interested in generating impact from their research findings.
Which of the SPRITE+ Challenge Themes can you relate to from the job role that you do, or from your organisation as a whole? How does it impact your job role, and your organisation?
We most closely align with the Digital Vulnerabilities challenge theme. We focus specifically on reducing susceptibility to cybercrime. In my role, I focus on how we can use psychology and research evidence to design more effective interventions to reduce people’s susceptibility.
A lot of my focus is also on helping organisations understand their human cyber risk better and help them move towards a more people-centred approach. As technology is increasing the means with which individuals experience online harms, I am also interested in how we can design out crime through better security by design.
