
The Ethical Guide to Security Storytelling: Navigating Real Breaches with Care and Respect
From All Things Human Risk Management by Hoxhunt
February 2, 2026 · 34 min · Episode 11
About this episode
This episode discusses the ethical implications of using real breach stories in security training and how to do it responsibly.
Episode #11 Using real breach stories in security training works... but only if you do it ethically. Real incidents make threats feel concrete, cut through “this would never happen to me” thinking, and drive behavior change. But they also carry real risk: victim-blaming, fearmongering, reputational harm, and loss of trust if handled poorly. In this episode, Noora is joined by David Badanes (Human Risk Management advisor) to unpack ethical security storytelling: how to use real breaches responsibly, where the line is, and how awareness teams can turn incidents into learning without becoming the villain. They break down why real stories outperform generic examples, what not to include when telling breach stories, how to operationalize ethical review with limited resources, and how empathy is the key to changing security behavior. What you’ll learn in this episode: Why real breach stories are more effective than made-up examples in security training Where ethical security storytelling goes wrong and how to avoid victim blaming How to decide whether a real breach is appropriate to use in training What awareness managers should include (and exclude) when telling real incident stories…
People in this episode
Guest: David Badanes
Topics covered
- ethical storytelling
- security training
- real breaches
- victim-blaming
- behavior change
Keywords
- security awareness
- empathy
- incident learning
- reputational harm
Mentioned in this episode
Books & works: The Ethical Guide to Security Storytelling: Navigating Real Breaches with Care and Respect
More episodes of All Things Human Risk Management
- Your Security Awareness Program Has Plateaued - What Happens Next? · March 12, 2026 · 1h 2m
- The Attacks Getting Through Your Filters (and How AI Is Scaling Social Engineering) · December 22, 2025 · 38 min
- Does Security Awareness Training Even Work? Fixing the Flaws Behind “Training Fails” Headlines · November 16, 2025 · 38 min
- State of Phishing 2025: Why SVGs Spiked (and What Still Works) · October 30, 2025 · 46 min
- A CISO’s Playbook for Security Comms (with Jeffrey Brown) · October 14, 2025 · 53 min
- Virtual Kidnaps, Fake CFOs: Social Engineering Defense in the Age of AI · September 18, 2025 · 38 min
Explore listener stats, chart rankings, contacts and more on the All Things Human Risk Management podcast page.