Here are seven minutes of the best moments from last week’s CISO Series Video Chat: “Hacking the Human: An hour of critical thinking on the additional benefits of securing people”.

Watch the full video.

Joining me in this discussion were Robert O’Brien, CEO, Metacompliance and Shawn Bowen (@smbowen), CISO, Restaurant Brands International.

Got feedback? Join the conversation on LinkedIn.

HUGE thanks to our sponsor, MetaCompliance

Winner Best Bad Idea Award

We had a spectacular 41 bad ideas. We love Carlota Sage’s bad idea because it’s kind of a throw back to when phone operators used to patch in your calls for you.

Here are some honorable “bad ideas”:

“When users fall for phishing email, they must take and pass one of the military PT tests. Healthcare costs should go down, so now you can use that saved money for your security program funding.” – Matthew Thomson, vp, IT security, First Union Credit Union – Appleton Wisconsin

“Turn your security department into a group that seems to only trick users into clicking phish attempts.” – Jeff Costlow, deputy CISO, ExtraHop Networks

“Give the user a shock when they click on a simulated phish test.” – Ralph Page, IT risk and compliance manager, MRO Holdings

Best comments from the chat room

“‘People’ are just other nodes on the network, with BYOD issues and unstable operating systems.” – Brian Mohr, CEO and Co-Founder at D3 Intelligence

“When changing behavior you need both a way and a will. it feels to me like we offer lots of ‘ways’ but do very little too encourage the ‘will’.” – Dutch Schwartz, strategic lead, AWS Global Security Services Team

“Cyber security relying on end-users is not a strategy. We’ve got to stop delivering malicious emails to end-users.” – Errol Weiss, CISO, Health-ISAC

“I think everyone needs to understand why social engineering works so well. In order for your end users to access what they want when they want you are unable to lock it down. You cant just ignore end users because they are the main way in.” – Ian Holm, TTP development analyst, Alion Science and Technology

“I think a big gap in our security awareness is that we focus only on security for the business. We can make it far more impactful if we also share ways to make you family and home more cyber secure.” – Patrick Benoit, vp, global BISO, CBRE

“My favorite behavior metric: In Slack/Communities, see how often non-security folks are responding to security-related questions before the security team gets to it.” – Carlota Sage, principal, Sage Knowledge Works