We're developing the foundational framework for how behavioral security connects to cyber risk. A working group of senior security practitioners and researchers is creating the ontology that maps user behavior to threats, vulnerabilities, controls, and risk outcomes.
This is applied research at the intersection of behavioral science and cybersecurity risk management. Early participants shape how the framework evolves and gain access to methods and tools as they develop.
Quarterly in-person sessions starting Q2 2026.
Contributors include CISOs, human risk managers, and senior security culture practitioners testing real-world applications and stress-testing the framework.
Between sessions, participants and anyone else who wants them will receive detailed readouts with key decisions, updated frameworks, and opportunities to provide input.


Behavior is the nexus where all security domains connect. User actions determine whether controls work, they contribute to vulnerabilities, and they are what interventions target. Yet most organizations lack systematic frameworks for reasoning about behavioral security risk.
The ontology provides structured mental models and analytical methods. It establishes a common language for understanding how behavior shapes security outcomes.
This is vendor-neutral research with open-source licensing. All contributors will be publicly recognized for their involvement in developing the ontology.
