
Understanding Successful Human Risk Management With Hoxhunt’s Maxime Cartier

Expert Insights Interviews Maxime Cartier, Head of Human Risk at Hoxhunt.


On the latest episode of the Expert Insights Podcast, Maxime Cartier, the Head of Human Risk at Hoxhunt, explains the importance of human risk management in enterprise cybersecurity strategies.

Cartier began his career building cybersecurity training for Fortune 500 companies, including retail giant H&M. A consistent observation throughout his career has been cybersecurity teams emphasising technology and compliance, rather than the human aspect.

“The human aspect in security was barely touched upon,” notes Maxime, highlighting the need for a shift in focus from technological solutions to comprehensive human risk management strategies.


Understanding Human Risk Management

“Human risk management is the process of identifying, evaluating, and addressing the risks posed by human behavior in cybersecurity,” Cartier explains. This involves recognizing specific human risks unique to an organization’s environment, designing tailored interventions to address these risks, and measuring the outcomes in terms of risk reduction.

During the podcast, Cartier shares a compelling case study from his previous experiences, where a targeted human risk mitigation campaign significantly curbed the unauthorized use of Dropbox and other ‘shadow IT’ apps.

Instead of a blanket training approach, his team identified key users and engaged with them personally. This strategy led to a 70% reduction in unauthorized app usage.

“Instead of doing a big awareness campaign or training for everyone… we contacted directly those 50 people and asked them why they use Dropbox,” he explained, demonstrating the power of personalized, direct engagement.

Building a Robust Security Culture

Cartier argues that building a security culture is crucial. Negative perceptions of security as overly technical, or as the “Department of No,” can impede genuine engagement and improvement.

“Security culture matters because, at the core, it explains why people do or do not do the secure behaviors that you want them to do,” he emphasizes, underlining the importance of reshaping how employees perceive and interact with security protocols.

Cartier’s insights underscore the need for security teams to rethink how they approach human risk and security training. His top advice? Make security easy to understand and engaging by ensuring that it is accessible, rewarding, and meaningful.

“Try to make security easy,” he advises, stressing the long-term benefits of an approachable security framework for end users. By focusing on these principles, organizations can foster a sustainable security-focused culture that resonates with employees on a personal level.


As the social engineering landscape continues to evolve, human risk management programs can empower employees as active defenders in their organizations. To learn more, be sure to listen to the full episode above.

Subscribe to the Expert Insights Podcast for more insights from cybersecurity industry leaders.