Streaming live November 29 and 30, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today.

Miriam Mwonge currently works in Data Privacy Operations at East African Breweries Plc, where she is an Information Manager and Data Protection & Privacy Lead. Her work revolves around information management and governance, information security and data privacy.

Miriam appears exclusively at PrivSec Global to discuss human-centric security culture, looking at what organisations can do to optimise management of risks associated with a company’s employees.

Below, Miriam answers questions on her professional journey and the themes of her PrivSec Global session.

Could you briefly outline your career pathway so far?

I am a seasoned information management, data privacy and governance leader with a career that spanning 14 years. My professional journey traverses academia, oil and gas industries, as well as multifaceted consultancy and manufacturing sectors. Each of these has presented unique challenges and operational landscapes.

My passion, commitment and interest are driven by the constant changes in digital trends, technology and legislations that explicitly mould company strategies, business processes, workflow dynamics, and the continuous enhancement of skillsets.

What does it mean to build a human-centric security culture?

Building a human-centric security culture involves acknowledging and prioritizing the role of individuals in the security framework across various dimensions, including physical security, personnel safety, e-safety, risk assessment, management, business continuity, and investigations.

The synergy between humans and technology is vital for achieving comprehensive and fool-proof security. Individuals have to be empowered by fostering a sense of responsibility, and recognizing the unique contributions that human factors bring to the multifaceted landscape of security.

What are the primary hurdles companies face as they bid to build a human-centric security culture?

Building a human-centric security culture faces challenges, including:

• · Privacy concerns: Security may infringe on privacy, requiring careful consideration to avoid breaches, especially with global data protection laws like GDPR.
• · Resistance to change: Users may resist security protocol changes if perceived as inconvenient.
• · Limited understanding: Users may not grasp the benefits of security initiatives fully.
• · Lack of trained personnel: Insufficient expertise to support security measures and provide preceding training.
• · Budgetary constraints: Security measures need to demonstrate business value to secure budget allocations.
• · Technology-human misalignment: Security tech may not align with human behavior, risking workarounds.
• · Evolving threat landscape: Adapting security measures to the constantly changing threat landscape is a perpetual challenge.

Despite these hurdles, proactive efforts are crucial for creating a resilient and adaptable security environment.