
What does trust mean to you?
Four cybersecurity practitioners tell us what trust means to them.
Read MoreDiscover exclusive interviews and insights from the global Black Hat MEA community, in your inbox every week.
Phenomenology – and why lived experience should guide cybersecurity.
Because most of us have spent the last few years very focused on tools. AI, LLMs, quantum, real-time detection.
But the question we need to ask more often is:
What’s it like to be a person using these systems?
Not the persona. Not the end user. The person.
In philosophy, phenomenology is the study of lived experience; not what we think people do, but what it feels like to live through a process. We think phenomenology is increasingly relevant in cybersecurity. Because if Black Hat MEA 2024 taught us anything, it’s that we’re still designing security around systems – but the risk (and the opportunity) lies with people.
Speaking to us on the exhibition floor, Craig Jones (Immediate Past Director Cybercrime at Interpol) said simply, “You can do great work using technology, even if you don’t fully understand it.”
But he added: “That’s why we need checks and balances.” Why? Because no matter how intelligent the tech gets, the way people interact with it is unpredictable; emotional, distracted, overloaded, overwhelmed. Human.
The lived experience of cybersecurity isn’t clean. It’s messy. And that messiness is where breaches happen.
Justin Ong (CISO and Chief Privacy Officer at Panasonic) talked about how AI is helping translate security into business language. And that’s really valuable. But what’s underneath that is more profound: we’re learning how to frame risk in ways that resonate with lived reality – not just with dashboards and KPIs.
This is important because increasingly, leaders in cyber are recognising that the future of security might depend less on the tech stack, and more on how well we understand human experience.
You know this:
That’s phenomenology in practice, and we ignore it at our peril.
Caitlin Sarian (Cybersecurity Girl) told us, “It’s not just engineers anymore. It’s product people, business leaders, creatives.” It’s not just diversity of role – it’s diversity of experience.
So we need to design security not just for experts, but for real people, in real moments.
When we caught up with Dr. Leila Taghizadeh (CISO at Allianz) at the 2024 event, she highlighted the energy and perspective coming out of the Middle East. A region with a young, connected population rethinking what cyber leadership can look like. Not imported best practices, but lived ones.
We can keep pushing the edge of what machines can do. But if we don’t embed empathy into the design, delivery, and communication of cybersecurity, we’ll keep solving the wrong problems.
As the philosopher Maurice Merleau-Ponty said:
“The body is our general medium for having a world.”
In other words, all perception (and all risk) is grounded in experience.
Let’s stop designing for the persona, and start designing for the human.
Open this newsletter on LinkedIn and tell us in the comment section.
Join the newsletter to receive the latest updates in your inbox.
Four cybersecurity practitioners tell us what trust means to them.
Read MoreFind out how security analysts and disaster science can help the cybersecurity industry get better and storytelling and communication.
Read MoreDiscover five top open source projects that you can use to improve your cybersecurity skills.
Read More