John Scott

John Scott runs Wildpark Security Consultancy Ltd – a boutique consultancy focussing on helping organisations mature their security culture and better manage their human risk.

He is also a Certified Instructor for the SANS courses LDR433: Managing Human Risk and LDR521: Security Culture for Leaders. 

He teaches classes and gives presentations all around the world on managing human risk and improving security culture. Previously, he worked as Lead Researcher at a human risk management startup, held a senior security transformation role at BT, and was Head of Security Education for the Bank of England for nearly 7 years, running an internationally recognized culture change program for the UK’s central bank. John’s key passion is the need for security to be a champion of their colleagues, rather than just being the ‘department of NO’. He hates the phrase "users are the weakest link."

More About John

Profile

Being an IT trainer was not something John set out to do. Throughout his career, he found himself choosing “interesting” job roles over a more traditional career path. Around 2015 he chose a job in security awareness specifically, and suddenly realized this was the career he’d been working towards his entire professional life without knowing it. John’s combination of communication skills, psychology, pedagogy, and persuasion, coupled with his passion for teaching others, suddenly were all very relevant to his role.

John has run cyber exercises for all levels of organizations, helping them to understand how to respond in a crisis. Drawing on his presentation skills, storytelling, and design skills to present exciting and engaging exercises that get the points across is very rewarding for John. In fact, just three months into his first security role, the entire organization was creating posters to be included in the cyber security strategic plan gallery. His enthusiasm carried him beyond posters to in-house-developed multimedia games, videos, interactive exhibits, and 3-D modelling of critical systems and how information flowed among them.

John’s teaching philosophy comes from his very first instructor role—teaching Aikido, a Japanese martial art. From that he learned very quickly that there cannot be a single approach to teaching; some people learn by watching while others by doing. This belief guides John’s teaching to use as many ways of getting his point across as possible, ensuring he’s done everything possible to help students understand. The other thing Aikido taught John is that no matter how good you are, some days, with some techniques, someone you're teaching might be better than you. John latches on to the opportunity in every class to learn from someone else.

When teaching, John thoroughly enjoys the conversations with the class, drawing on everyone's experiences, backgrounds, and creativity. He encourages sharing of stories, good and bad examples of what has worked and, sometimes more importantly, what has not. Watching the light bulb go off for a student, recognizing they are not alone in the world even if they are the only person in their organization who thinks about security awareness or culture change, is John’s biggest win. He helps students discover that security awareness is an exciting and creative career, find and engage with the larger community of practitioners around the world, and understand that they can make a real difference in their organization with some simple but effective techniques to drive behavior change.

The threats we must educate our colleagues about change daily, but a lot of the mitigations remain the same from a behavioral point of view: have good cyber hygiene, create strong passwords, don't fall for phishes and so on. John believes his students’ biggest challenge is the strange balance that comes from keeping messaging fresh while reiterating and reinforcing the same behaviors over time to keep people engaged. He feels strongly it’s all about the stories you tell and how people listen to them.

John holds a bachelor’s degree in Library and Information Studies from Manchester Polytechnic, a PG Certificate in Education from University of Brighton, and a master’s degree in Cyber Security and Human Factors from Bournemouth University. He is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.