Episode Overview
In this episode, Peter Floyd, Chief Digital Officer at the Department of Local Government, Water and Volunteers, delivers a highly practical and refreshingly human keynote on why digital security must be everyone’s business — not just the responsibility of IT teams. Drawing on real-world experience inside a newly formed department of 1,000 staff, Peter shares how organisations can lift cyber awareness and capability across the entire workforce, without extra budget or technical jargon.
Rather than focusing on tools and controls, Peter reframes cybersecurity as a people and culture challenge, showing how simple, well-designed communication can significantly reduce risk and change behaviour across an organisation.
Key Themes
Peter explores how everyday habits — multitasking, password reuse, distracted clicking — create the biggest cyber risks, and why frontline staff who don’t “care about cyber” are often the weakest link. He demonstrates how awareness, humour and relevance can turn cybersecurity from background noise into something people actively think about at work and at home.
What You’ll Learn
1) Why Cybersecurity Isn't an IT Problem
Why most cyber incidents don’t start with hackers breaking firewalls — they start with normal people doing normal work under pressure.
2) Making Cyber Awareness Stick
How replacing long, technical updates with short, readable, engaging content dramatically increased staff engagement — from under 10% readership to more than two-thirds of the department.
3) Using Humour Without Undermining the Message
Why light-hearted hooks (including memes, photos and quizzes) can make serious security messages more memorable — and where the line needs to be drawn.
4) Low-Cost, High-Impact Interventions
How Peter built a successful cyber awareness program with minimal cost by partnering with internal communications, focusing on clarity, and designing content people actually want to read.
5) Turning Awareness into Behaviour Change
From phishing awareness and clean desk practices to geo-fencing, AI tools and meeting security — how small, well-timed nudges can reduce real-world risk.
6) Cybersecurity Beyond the Office
Why it matters that staff think about cyber risks at home too — especially around scams, social media, tax fraud and personal data — and how that awareness feeds back into safer behaviour at work.
7) Measuring What Matters
How engagement metrics, quizzes and friendly competition across teams helped reinforce learning and keep cybersecurity top of mind throughout the year.
8) Building a Sustainable Culture
Peter reflects on leadership, visibility and succession — and why no organisation should rely on a single champion to carry cybersecurity awareness forward.
Key Takeaways
Cybersecurity is a people problem first, technology problem second
Awareness works best when it’s simple, relatable and relevant
You don’t need more money — you need better communication
Short, clear messages beat long policy documents every time
Behaviour change happens when people understand why, not just what
Why You Should Listen
This episode is a must-listen for public sector leaders, digital and cyber professionals, internal communications teams and anyone responsible for workforce capability. Peter offers a practical, scalable approach to building cyber awareness that works in the real world — especially in organisations where most staff aren’t technical and don’t want to be.
Memorable Line of Thinking
Cybersecurity succeeds when people think about it instinctively — not when they’re forced to learn it. Making security everyone’s business starts by meeting people where they are.
Recommendations
GIW FEDERAL 2025: Strategies to bolster female participation in the cyber workforce for optimised outcomes
GIW Federal 2025: Cyber Resilience & Organisational Uptime Using Microsegmentation by Raja Ukil
Midnight In The War Room
Artificial Intelligence (AI) Policy Development
