In Episode S8E2 of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with Matt Lindley, Chief Innovation & Information Security Officer at NINJIO, to explore why the “human layer” of security must be managed with the same rigor as technical controls—especially as AI accelerates the scale, realism, and personalization of social engineering. Their conversation focuses on how organizations can move beyond compliance-driven awareness training toward measurable, behavior-driven human risk management, with accountability, metrics, and culture change as essential supporting pillars.
Summary
Matt brings a practitioner’s perspective to a problem many security leaders feel every day: attackers don’t need to defeat every control—they only need one person to click, comply, or be convincingly manipulated.
A major theme of the discussion is the shift from “security awareness” to human risk management (HRM)—a model that treats employee behavior as a risk surface that can be measured, coached, and improved over time, not just “trained once a year.” Matt explains why traditional training often fails to translate into real-world decision-making under pressure, and what must change when adversaries can use AI to craft persuasive messages at scale.
The conversation also explores:
- How generative AI changes social engineering, including the practical difference between deepfakes and “cheap fakes,” and why both can be effective in real environments.
- The role of behavioral science in security outcomes—how attackers exploit predictable human triggers like urgency, authority, fear, curiosity, and social proof.
- What modern HRM looks like operationally: targeted coaching, reinforcement over time, and programs designed to reduce risky behaviors rather than simply prove completion.
- Accountability and metrics: what leaders should measure (and what they should stop measuring) to demonstrate real risk reduction to executives and boards.
- How to drive culture change without security fatigue, building a durable “verify before you trust” mindset across teams without turning security into a constant interruption.
Throughout the episode, Matt balances strategy with practical implementation guidance—what to do first, where most HRM programs break down, and how to maintain momentum after launch.
About our Guest
Matt Lindley is the Chief Innovation & Information Security Officer at NINJIO, a cybersecurity awareness training and human risk management platform. With more than a decade and a half of experience as a cybersecurity analyst and practitioner, Matt focuses on helping organizations reduce risk by strengthening the human layer—translating emerging threats, social engineering tactics, compliance realities, and security transformation challenges into programs that drive measurable behavior change.
Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications.



