Cyber Security Matters Podcast | 28-11-2025
In Episode 58 of the Cybersecurity Matters podcast, we sit down with Tim Ward, Co-Founder and CEO of Redflags, to explore how behavioural science is transforming cybersecurity. With nearly 30 years of experience in corporate IT and cybersecurity consulting, Tim shares why traditional security awareness training often fails and how real-time contextual nudges can create lasting behaviour change.
We discuss the limitations of phishing simulations, the importance of measuring actual behaviour change rather than training completion, and how data-driven insights can identify the 10% of users causing 80% of risk. Tim explains practical behavioural models like EAST and Mindspace that security teams can implement immediately, and why the industry is shifting from security awareness to human risk management.
Whether you’re a CISO, security leader, or cybersecurity professional looking to reduce human risk more effectively, this episode offers actionable insights on applying psychology to security challenges.
Key Topics Covered:
• Why phishing simulations don’t create lasting behaviour change
• Applying nudge theory and behavioural science to cybersecurity
• Real-time contextual interventions vs traditional training
• Measuring behaviour change and demonstrating ROI
• Using data analytics to identify risk outliers
• Managing AI risks and LLM usage
• Critical security decision points to focus on
• Building security teams and startup culture
• Career advice for cybersecurity professionals
Chapters:
00:00 Introduction and Guest Welcome
01:01 Journey into Cybersecurity
02:10 Entrepreneurial Influences and Early Ventures
04:37 Challenges and Growth in Entrepreneurship
09:18 Recruitment and Company Culture
17:29 Cybersecurity Awareness and Industry Insights
25:40 Future of Human-Centric Security
32:27 Advice for Aspiring Cybersecurity Professionals
About Tim Ward:
Tim Ward is the Co-Founder and CEO of Redflags (previously Think Cyber), a company that applies behavioural science to reduce operational risk in cybersecurity. With nearly 30 years of experience, Tim has worked in corporate IT and cybersecurity consulting, including serving as Global Head of Information Systems for BAE Systems. He studied Computer Science and AI at university and completed an MBA, with a particular interest in motivation and behavioural psychology. Tim is passionate about understanding what makes people tick and how to apply that knowledge to make security more effective.
RedFlags – https://redflags.io/
The Cybersecurity Matters Podcast is brought to you by neuco, a global recruitment agency that specialises in sourcing brilliant people for groundbreaking companies.