Security-Engaged: The Whole-Organization Strategies Blog

In cybersecurity, the "last mile" represents the critical connection between technical controls and the people who use them every day. Without engaging frontline workers and providing them with the right tools and training, even the most advanced security measures can fall short. In this post, Sonya Lowry explains why human involvement is essential to closing the cybersecurity gap and how the Sibylity platform empowers every employee—technical or not—to be a vital part of your organization's defense strategy. Learn how to transform your last mile from a vulnerability into a strength through shared responsibility and accessible cybersecurity solutions.

The traditional, centralized approach to cybersecurity is no longer sufficient for today’s complex threat landscape. Relying solely on IT-driven security measures leaves critical gaps that can expose organizations to significant risks. In this post, Sonya Lowry explains why a new, distributed model—Federated Cyber-Risk Management (FCR)—is essential for empowering every department to take ownership of their cybersecurity responsibilities. By integrating FCR, organizations can shift from reactive, IT-focused security to a proactive, whole-organization approach that balances centralized governance with shared responsibility across all teams.

Federated Cyber-Risk Management (FCR) is often perceived as a human-centered cybersecurity approach, but it is, in fact, a process-centric methodology designed to distribute responsibility across an organization. In this post, Sonya Lowry clarifies the core principles of FCR and explains how it differs from human-centered cybersecurity while highlighting their potential synergy. By combining FCR’s structured process with human-centered design, organizations can create an inclusive, security-engaged culture where every stakeholder plays a role in managing cyber risks. Learn how to integrate these methodologies to foster a resilient, holistic approach to cybersecurity.

The emergence of the Rhysida Ransomware Group in 2023 has elevated the ransomware threat landscape, as evidenced by their high-profile attacks on large organizations like New Jersey City University. In this post, Sonya Lowry breaks down the anatomy of a Rhysida ransomware attack and explains how their sophisticated techniques, including AI-enhanced phishing and double extortion, demand more than technical defenses. Discover how a whole-organization approach—integrating both technical and human-centered strategies—can help your organization prevent, detect, and respond to such attacks. From advanced monitoring tools to empowering employees with critical thinking, learn how Federated Cyber-Risk Management (FCR) builds resilience in the face of evolving ransomware threats.

In the new era of social engineering, attackers aren’t just relying on malicious code—they’re using psychology to manipulate human behavior. With AI generating flawless phishing emails and social media posts, traditional red flags like typos and strange grammar no longer apply. In this post, Sonya Lowry explores how logical fallacies are being used by cybercriminals to trick even the most cautious individuals and organizations. By understanding and recognizing these psychological traps, you can defend against modern social engineering tactics and strengthen your organization's cybersecurity posture through Federated Cyber-Risk Management (FCR).

Effective cyber risk management requires more than technical controls. While tools like SIEMs, vulnerability scanners, and EDR solutions help address technical vulnerabilities, they often leave critical gaps in administrative controls, which can lead to human-enabled breaches. In this article, Sonya Lowry explores the limitations of traditional risk management programs and introduces Federated Cyber-Risk Management (FCR), a transformative approach that distributes cyber risk ownership across the organization. Learn how Sibylity by SibylSoft provides continuous oversight of administrative controls, closing the most overlooked gaps in cybersecurity and fostering a culture of shared responsibility.

In today's complex cybersecurity landscape, organizations need more than traditional strategies to protect against growing threats. Drawing from over two decades of experience and insights from Total Quality Management (TQM) and NSF-funded projects, Sonya Lowry introduces Federated Cyber-Risk Management (FCR). This revolutionary approach shifts cybersecurity from a siloed responsibility to a shared, organizational-wide commitment. FCR fosters security-engaged cultures, empowering every employee to take part in cybersecurity efforts. Discover how FCR can help your organization address cybersecurity challenges, overcome skill shortages, and build resilience through collaborative, cross-functional participation.