Why Cybersecurity Is Really About People, Not Just Technology

As an Information Systems Security Officer (ISSO), I've spent a lot of time thinking about what it means to keep data safe. The world we live in is increasingly digital, and with that comes the huge responsibility of protecting information from ever-evolving threats. But the longer I do this job, the more I realize that cybersecurity isn't just about firewalls, encryption, and compliance checklists—it's about people.

People Are the Heart of Cybersecurity

When you think of cybersecurity, you might picture hackers in dark rooms, complicated code, and high-tech defenses. And sure, that’s part of it. But the biggest risks often don’t come from outside threats—they come from within, from everyday people who make simple mistakes. Maybe someone clicks on a phishing email or reuses the same password for multiple accounts. These are common errors, and they can lead to big problems.

But here’s the thing: I don’t see these mistakes as failures. I see them as opportunities to learn and grow. We’re all human, after all, and everyone slips up now and then. My job isn’t to punish people for their mistakes but to help them understand how to avoid them in the future. It’s about education and empowerment, not just enforcement.

The Impact of Life on Work and Security

Recently, I received news that my sister had fallen suddenly ill. The stress of this situation hit me hard—it was unexpected and overwhelming. It’s in moments like these that life’s unpredictability truly makes itself known. Balancing my personal concerns with my professional responsibilities wasn’t easy. There were days when my mind was far from the office, occupied with worry and concern for my sister’s health.

This experience reminded me that we all have lives outside of work, filled with challenges that can affect how we perform our jobs. It made me more empathetic toward others, recognizing that when someone makes a mistake at work, it might not be just about a lack of knowledge or carelessness—sometimes, it’s about dealing with something difficult in their personal life.

During this time, I leaned heavily on my team and colleagues. Their support allowed me to manage my duties effectively, even when I wasn’t at my best. It also reinforced the importance of creating a workplace where people feel supported, both professionally and personally.

Creating a Culture of Awareness, Not Fear

I believe that building a strong security culture within any organization is crucial, but it shouldn't be driven by fear. People need to know why security matters and how their actions contribute to the bigger picture. When they do, they’re more likely to follow best practices.

That’s why I spend a lot of time talking with people across different teams. I want to hear their concerns and understand their workflows. This way, I can help create security practices that make sense for them, not just for the IT department. Security should feel like a natural part of the job, not an extra burden.

Rolling With the Punches in a Changing World

The world of cybersecurity is always changing. There’s a new threat or vulnerability around every corner, and staying ahead of them can feel like a never-ending battle. But you know what? That’s what makes this job so interesting. It keeps me on my toes, always learning and adapting.

But I don’t do this alone. I lean on my colleagues, industry peers, and the wider security community. We share knowledge, tips, and insights because, at the end of the day, we’re all in this together. And that sense of community is something I value deeply.

Leading With Empathy and Understanding

Being an ISSO isn’t just about managing risks—it’s about leading people. It’s about being there for your team, offering support, and making sure everyone feels valued. The work we do is important, and it can be stressful. But by fostering a positive, supportive environment, I believe we can make a real difference.

When people feel appreciated and understood, they’re more likely to care about the security of their work. And that, in turn, makes the entire organization stronger.

Looking to the Future

As we continue to navigate the digital landscape, the role of the ISSO will keep evolving. But no matter how much things change, one thing remains constant: the importance of focusing on the human side of cybersecurity. By putting people first—through education, empathy, and communication—we can create a safer, more secure world for everyone.

Let’s keep working together to build a security culture that’s not just about protecting data but about caring for the people behind it - Joseph Baidoo