This week, I spent two full days at the National Cyber Security Show at the NEC—not to speak, not to exhibit, just to be in the room. It’s easy to get stuck in your own lane. A couple of days surrounded by different voices, ideas, and challenges was exactly what I needed.
And honestly? It was worth every minute.
I’ve been in and around cybersecurity education for years, but what stood out this time wasn’t just the technology on display. It was the tone of the conversations happening in the background. More and more people are starting to realise that cybersecurity isn’t just about firewalls and frameworks—it’s about people.
Mental Health + Cybersecurity: A Powerful Connection
One of the most memorable talks I attended was by Jasmine Eskenzi from The Zensory, who spoke about combining cyber awareness training with mental wellbeing. She talked about emotional regulation, stress, and the very human realities of working in digital environments.
It struck a chord.
At Cyber Rebels, we’ve always said that you can’t expect someone to spot a phishing email if they’re running on empty. Behaviour change doesn’t happen in a vacuum—it happens when people feel clear-headed, confident, and supported. Training that ignores the human side of security is missing the point.
UNBORING, and Unforgettable
Another brilliant talk came from Sara Carty at UNBORING, who made the case for using marketing principles to drive cyber awareness. Not fear. Not shame. Communication.
She challenged the idea that awareness training has to be dry or technical to be taken seriously. Her message? If we want people to care, we need to give them a reason. We need to stop writing content for compliance checklists and start creating experiences that people actually remember.
Yes. All of that.
Because for me, awareness has never been about ticking boxes. It’s about changing behaviour—and that only happens when we speak human.
Why This Matters to Me (and to You)
I spoke to vendors, educators, consultants and business leaders. And there was a recurring theme: cyber threats are growing, yes—but most businesses still don’t feel equipped to handle the human element. They know their people are their biggest risk… and also their biggest asset.
That’s why I do what I do.
At Cyber Rebels, we focus on human-first cybersecurity awareness—training that connects, makes sense, and actually sticks. We don’t just show people what a phishing email looks like—we help them understand why they clicked. And how to do better next time.
It’s not about scaring people. It’s about empowering them. That’s what real awareness looks like.
What I Took Away
After two days of soaking up ideas, talking to like-minded people, and hearing from speakers who genuinely get it, here’s what I walked away with:
🔹The cybersecurity conversation is shifting toward people, not just products.
🔹There’s more space than ever for creative, behaviour-led training that actually works.
🔹And there’s still a huge need for clear, jargon-free education that meets people where they are.
That’s where we come in. And that’s why I’m more energised than ever to keep pushing forward.
💬 Let’s Talk
If you’re a business owner, a team leader, or someone who’s just had enough of the same tired “cyber awareness month” emails—let’s talk.
We build training that’s real, relevant, and built for how people actually work. And we’d love to help you protect what matters most.
Director of Training and Development, Cyber Rebels.
Andy Longhurst is the founder of Cyber Rebels and a cybersecurity practitioner and educator focused on how risk actually shows up in real organisations. His work sits at the intersection of digital safety, education, and practical risk management — helping teams understand not just what policies say, but what happens in the moments where decisions are made under pressure.
With a background spanning adult education, web development, and technical consultancy, Andy specialises in translating complex security concepts into clear, usable understanding. Rather than focusing solely on tools or compliance frameworks, his approach centres on human behaviour, judgement, and the systems that shape everyday choices.
He delivers live, interactive cyber awareness training for organisations of all sizes, from small businesses and education providers to public-sector teams and larger organisations operating in complex risk environments.
Outside of delivery, Andy spends his time analysing emerging attack patterns, refining training design, and exploring how organisations can build resilience that holds up in the real world — usually with a strategically sized cup of tea close to hand.
