Wolfgang Ettlinger
Wolfgang Ettlinger is heavily interested in the technical aspects of IT security, in particular application security. In the past decade he has gathered experience with a broad range of languages, technologies and frameworks in e.g. penetration testing, source code review and secure software development projects. He is responsible for the identification of dozens of CVEs affecting products from Citrix, Oracle, Symantec, Sophos, Trend Micro, etc. He currently serves as the Head of Research and Director for Application Security at Certitude Consulting.
Sessions
In Cybersecurity there is a narrative existing: The problem is sitting in front of the screen… but is it?
Our understanding of humans in cybersecurity is shaped by problematic metaphors, which influence how we design security systems. The way we likely describe humans, shapes how we approach cybersecurity.
Humans are as seen as the weakest link: Humans are viewed as the main source of failure > Assumption: Technology is strong, humans are weak
Humans are seen as driven by fear: as frightened animal > Assumption: Fear and punishment drive secure behavior
And once you believe, that the human is the problem, you stop looking for better explanations.
In our talk we will have a deeper look at these assumptions and the psychological as well as technical factors of (in)secure behavior in organizations
Cognitive biases often cause individuals to underestimate rare but catastrophic risks or to place excessive trust in automation. Routine blindness may result in subtle anomalies being ignored when tasks become repetitive. Furthermore, poor collaboration and information silos weaken collective intelligence, while misguided prioritization—such as choosing convenience over security—can undermine defense efforts. Yet, to fully leverage the strengths like pattern recognition, intuition, adaptive reasoning and ethical decision making, organizations should minimize human error through training, supportive tools, and sustainable working conditions, ensuring that human intelligence can function as a powerful ally in defending against digital threats.