Why cybersecurity pros need to think like hackers

Cybersecurity is a field of high-stakes decisions, digital cat-and-mouse games, and adversaries who are constantly evolving. And to truly stay ahead, defenders need to do more than react. They need to understand. 

That means getting inside the mindset of the threat actor. Which is why empathy and psychological insight are fast becoming essential skills in cyber defence.

Understanding the ‘why’ behind an attack 

When we asked him to reflect on the biggest lesson he’s learnt during his career so far, Jason Lau (CISO at Crypto.com) said: 

“I would advise my younger self to take more courses on psychology...understanding human behaviour is crucial for anticipating and mitigating cybersecurity threats. Knowing what motivates threat actors and how they think can enhance strategies and responses to attacks... This insight is invaluable for a CISO.”

Threat actors aren’t random error codes or malware signatures. They’re people, operating with goals, logic, and emotion. Understanding those drivers helps defenders build smarter systems, create stronger policies, and respond more effectively when something goes wrong.

From adversary to ally? 

For some professionals, that insight goes even deeper. Lance James (Founder and CEO at Unit 221B) has spent 25 years on the front lines of cyber defence – and his approach is shaped by personal reflection and empathy:

“I strive to empathise with our adversaries. However, this doesn't imply I approve of their actions, but I understand their origins.”

James draws from his own experience of being misunderstood as a “mischievous, albeit naive, teenager.” He questions the narratives we often impose on threat actors:

“Had I been born in China, would I, being who I am, be considered a threat or an enemy? Or would I simply be Lance James, a Chinese citizen advancing his nation's interests?”

This kind of thinking isn’t about justifying cybercrime. It’s about breaking down the binary of ‘good vs evil’ to better understand the environments, pressures, and choices that lead people into malicious activity. And sometimes, that understanding opens the door to transformation.

In one powerful example, James recalled how Unit 221B’s Chief Research Officer, Allison Nixon, helped guide a young cyber offender away from crime:

“The first time I worked with Allison, she caught a child causing all sorts of havoc. I realised that he was suffering from sibling abuse at home. Consequently, I wrote a letter to law enforcement, asking them to inspect the safety of his home before releasing him. This child wasn't crazy; instead, he was scared, angry, and wanted to be in a place safer than his home. Jail seemed appealing to him, leading him to engage in overt activities that would get him caught.”

“It's easy to disassociate while on a computer,” James added, “forgetting that it's not just bits and bytes, but people's lives at stake.” 

Tactical empathy to stay ahead 

Cyber attackers don’t always come with a criminal background. Many are insiders. Some are nation-state actors. Some are simply curious people making bad choices. But all of them are strategic in some way – and understanding their logic helps defenders be one step ahead.

As Lau said,

“The cybersecurity field shares many parallels to the game of chess...it’s important to learn and evolve regardless of the outcome.”

If you can anticipate your opponent’s next move, you can stop it before it lands. That’s the power of adopting a threat actor’s mindset.

So if we want to build stronger defences, we need to stop seeing threat actors as faceless enemies and start understanding them as complex humans. By doing so, cybersecurity professionals can move from reactive firefighting to proactive, strategic defence.

We’ll leave you with a final word of inspiration from James: 

“We confront violence and choose peace.”

And that, at the end of the day, is what this work is all about.