Dr Mark Carey-Smith
[Independent Infosec Professional]
Mark has been an information security professional for approximately 20 years.

He has worked in operational and architectural infosec roles as well as lecturing, and his current focus is governance, risk and compliance.

Mark holds an MIT and a PhD from the Queensland University of Technology. Mark's philosophy is that information security should be an enabler of business and is fascinated with the behavioural antecedents of the decisions that people make when they use, or abuse, information.

Tutorial: Getting to Yes. Influence and how to get it.

Technical Level (3 being the highest score): 1

Introduction
o Acknowledgement of traditional owners
o Housekeeping (timing, toilets, exits etc.)

Who we are and what we do
o The purpose of this tutorial – what’s in it for the participants
o Expectations about behaviour
o Participants’ expectations about the tutorial (they talk, we listen)

Influence
o What is it?
o What it is not (the types of influence we will be actively discouraging)
 FUD
 Deception, bullying etc.
 Trust and credibility and how to destroy them

Messengers
o Why did they not listen to me but when a consultant came up with the same idea they thought it was brilliant!?

Categories of messengers:
 Hard – based on Status
 Soft – based on Connectedness
 Fleshing out these concepts with specific traits (e.g. socio-economic position, dominance, attractiveness, vulnerability, trustworthiness etc.)

Listening
o Information aversion and how to overcome it
o Lessons from SABSA’s approach to defining ‘the problem’
o Allowing people to be heard and why that might be a novel experience when communicating with an infosec professional

Compelling Events
o Never let a good crisis go to waste
o Organisational political realities – turning a negative situation into a positive
o Preparing beforehand (e.g. last minute budget ‘fillers’)
o Sharing the credit for a good idea
o Grasping the nettle – timing is everything
o NOT ‘I told you so!’
o The availability heuristic and its effect on risk perception

Conclusion
o Our reflections
o Participants’ reflections

Secure your place now!