Security Journey ExpertStarted in July 2020
An investigation of the feasibility of a new security role: The Security Journey Expert.
The first idea was to research whether the 'customer journey methodology' of marketers can be used to make employees more security-conscious, so that security incidents attributable to human behaviour can be reduced. During the explore phase of the project this idea has expanded to an investigation of the feasibility of a new security role: The Security Journey Expert (SJE). This person looks at human behavior in business processes for causes of security vulnerabilities, so that security incidents attributable to human behavior can be reduced.
Proof of Concept: In the Proof of Concept phase the team investigated the viability of this new role by performing a dry run on the work of the Security Journey Expert. We looked at the employee recruitment process within financial organizations from a behavioural point of view and focused on (potential) user-generated incidents. As a results we gained insight into this new role and crafted a draft version of a competence profile.
Pilot phase: In the next phase of the project, in close collaboration with recruiters and hiring manager of at least one of the participating organizations, the team wants to make and publish a vacancy for this new role, search (internally) for, and select & interview suitable candidates. When a suitable candidate is acquired the team plans to continue with an actual implementation of the candidate for a short duration of time, i.e. a period of 6 weeks. And ‘coach’ the candidate on the job. The expected results are an updated competency profile to be used for acquiring suitable candidates within the business environment and a proof of the concept in the actual business environment.
This project is part of the trend
Money laundering gets growing attention
With new ways of money laundering, e.g. the use of social media and targeting the youth, it is becoming even harder for banks to identify money laundering fraud.