- Audience 1st
- Posts
- Why Human-Centric Security is the Next Frontier in Data Privacy (and Why It Matters Now More Than Ever)
Why Human-Centric Security is the Next Frontier in Data Privacy (and Why It Matters Now More Than Ever)
Attackers are focusing less on breaking into systems and more on exploiting people. It’s no longer just about firewalls and zero-days. It’s about you.
Dani Woolf
21 Feb • Read Time: 7 minutes
This episode is presented together with
When I started out as a marketer in the cybersecurity space, I didn’t fully grasp how personal security really is.
Sure, I knew the basics:
Protect the network, secure the endpoints, stop the bad guys.
But the more I spoke to security leaders, the clearer it became:
It’s all about people.
Security isn’t just technical; it’s deeply human.
The more I interviewed CISOs, security architects, and practitioners, the more I heard the same recurring theme:
Attackers are focusing less on breaking into systems and more on exploiting people.
It’s no longer just about firewalls and zero-days. It’s about you.
This shift toward human-centric security is something Rob Shavell, co-founder of DeleteMe, and I recently discussed on Audience 1st Podcast.
Rob’s take on privacy and human security was both fascinating and, frankly, a little unnerving.
But it also illuminated some important truths about where we’re headed and what we need to do to prepare.
Before we dive in, don’t forget to subscribe to join 1700+ cybersecurity marketers and sales pros mastering customer research. You’ll get notified whenever a new episode and buyer insights summary drops.
Insights and Key Takeaways
Privacy as a Verb: Taking Action in an Era of Data Abundance
“We used to think of privacy as a noun. I think we’ve got to start thinking about it as a verb.”
That hit me hard.
He’s right. Privacy is no longer a passive state of being.
It’s a series of actions we must take to protect ourselves from the growing risks of digital exposure.
In my work, I’ve spoken to security leaders who are no longer just concerned with protecting their networks; they’re worried about protecting their people.
From executives who’ve been doxxed to employees whose families have been threatened, these human risks are no longer rare incidents, they’re becoming frighteningly common.
And as Rob pointed out, this risk isn’t static.
The combination of AI and massive data collection is a ticking time bomb.
“Every Spotify play, every fast-forward, every choice we make online—it’s all being tracked, linked to our identities, and crunched by AI in ways even human analysts couldn’t predict.”
It’s not just about targeted ads or creepy coincidences. It’s about having our daily decisions manipulated without us even realizing it. Privacy is no longer a nice-to-have; it’s survival.
AI: The New Creative Tool for Cybercrime
We often think of AI as a force for good - automation, efficiency, innovation.
But there’s a dark side we can’t ignore.
As Rob described it, AI has turned cybercrime into a “creative industry.”
“You don’t need to be a hacker to launch an attack anymore. You can literally ask an LLM (large language model) to code a phishing attack for you. You don’t even have to be a developer.”
Hearing that made me think about how dramatically the landscape has changed since I started doing customer research in this industry.
Back then, attackers were technical specialists with years of experience.
I started seeing more advanced techniques rise as time passed during my time working in-house as a demand gen marketer for security firms.
Today, thanks to AI, anyone with a little creativity and malicious intent can become a threat.
I’ve heard countless stories from security leaders about how AI-generated deepfakes and synthetic voice scams are being used to wreak havoc.
The boundaries between fiction and reality are blurring and organizations are struggling to keep up.
The ROI Dilemma: Proving the Value of Prevention
One of the biggest challenges for security leaders is proving the value of proactive, human-centric security initiatives like continuous data removal.
The truth is, it’s hard to quantify something that doesn’t happen.
Rob shared an interesting anecdote about how one of his customers communicates the ROI of DeleteMe’s services to their board.
The security leader gets just 20–30 seconds every quarter to convey the impact.
They present a dashboard showing how many hours their team saved from monitoring and removing exposed PII (personally identifiable information), along with the number of successful removals.
“Fantastic. What’s next?” the board typically responds.
It’s a frustrating reality for many security practitioners.
Preventative efforts rarely get the same recognition as incident response.
But Rob believes the future lies in correlating digital footprint reduction with actual threat reduction.
It’s not easy, but it’s necessary if we want to tell a more compelling ROI story.
Simplicity is Everything: Overcoming Cultural Barriers
Another challenge we explored was the cultural resistance to security initiatives within organizations.
Rob described how employees have become conditioned to avoid anything that smells like security awareness training.
“It’s like giving bad-tasting medicine to a kid. They’ll do everything they can to avoid it.”
That resonated with me deeply.
In my conversations with security leaders, I’ve heard the same story over and over:
Employees are tired. They’re overwhelmed.
And if security feels like a burden, they’ll ignore it.
The key, Rob emphasized, is simplicity.
Make the solution easy to use, non-intrusive, and clearly distinct from traditional security processes.
When done right, services like DeleteMe can become a welcome relief rather than just another task on a never-ending to-do list.
Final Thoughts
So, where do we go from here?
The way I see it, human-centric security isn’t a passing trend.
Protecting people is just as important as protecting systems.
It’s about layered defenses that address both cyber and human risk together.
For me, this means continuing to have conversations that matter.
It means listening to practitioners, amplifying their voices, and helping them find solutions that actually work.
And it means recognizing that security is personal.
Always has been, always will be.
Until next time,
Dani
Subscribe to Audience 1st Podcast Newsletter
Thanks for reading! If you like summaries like this, subscribe to Audience 1st Podcast Newsletter to get notified whenever a new episode drops.
Excited to collaborate? Let’s make it happen!
Check out our sponsorship details to connect with real security practitioners and showcase your brand to an engaged community of cybersecurity decision-makers giving and seeking real buyer insights.
Reply