About Aruneesh Salhotra
Aruneesh Salhotra is a seasoned technologist and servant leader with extensive expertise across cybersecurity, DevSecOps, AI, business continuity, audit, and sales. His impactful presence as an industry thought leader is underscored by his contributions as a speaker and panelist at leading industry events, including RSA, CactusCon, Harvard, QA Forum, ADDO, Palo Alto Ignite, ISACA, OWASP, Open Source Congress, IAPP, InfoSec World, and Machines Can See (Dubai). Furthermore, his engagement with key security bodies like OWASP, IEEE, GfE, PBC, and IAPP significantly shapes security policies and promotes superior cybersecurity practices.
Tapping into the Human Psyche to Drive Engagement
Aruneesh Salhotra’s address focuses on the psychological motivations behind training completion and the rising threat of AI-driven social engineering. He observes that in many organizations, training is viewed as a “chore”—something employees do because they have to, not because they are interested. The core topic of his discussion is how to turn this around by treating employees more like “kids” who need to be excited by the learning process. By making training contextual and interesting, organizations can move away from mundane, repetitive methods toward meaningful engagement that actually changes behavior.
Key Points from the Speaker:
- “Training and every sort of attestation seems as a chore itself”.
- “Treat employees as kids and make them excited about what you are actually asking them to do”.
- “Recognition by putting something on leaderboard doesn’t incentivize people… they are looking for much bigger accolades”.
Content: Incentivizing Security and the Deep Fake Challenge
Aruneesh highlights a critical failure in many awareness programs: the lack of effective incentivization. He notes that approximately 50% to 60% of employees are consistently late in completing their training because simple “leaderboard charts” do not tap into their primary job responsibilities or motivations. To truly influence the human psyche, he suggests that security participation should be linked to things employees value, such as performance reviews or extra credit. Training must also be persona-based; a finance employee should face different simulated attacks and modules than a member of the technical team.
Aruneesh also brings attention to the “deep fake” crisis. He shares the results of a social experiment where 92% of non-technical staff and 42% of security professionals failed to detect AI-manipulated imagery. He warns that deep fakes are becoming the “hardest problem” for organizations, as current tools often produce high rates of false positives. Because the threat landscape is evolving so rapidly with AI, Aruneesh argues that organizations must move beyond basic prevention tips and toward more adaptive, intelligent awareness programs that prepare users for highly sophisticated, personalized attacks.
