Cyber, Sourdough, and Stress: My Two Days at the International Cyber Expo
The Basics
What: International Cyber Expo (co-located with the International Security Expo)
Where: London, in-person — real humans, real coffee, real badge lanyards.
When: 30th September – 1st October 2025
Perk: One free ticket got you access to both expos — like a 2-for-1 deal, but with firewalls and threat intel instead of fries and a milkshake.
Why I Went
I didn’t just go for the free swag (though, shoutout to whoever gave out the socks). My main goals were:
To see what the rest of the world is doing in cybersecurity beyond my own bubble.
To catch up on the latest trends, tools, and buzzwords.
And, honestly, to compare how we’re doing against what’s considered cutting-edge right now.
Key Takeaways (a.k.a. “Stuff That Made My Brain Go Hmm”)
Human Trust Is Still the Weakest Link
Urgency, authority, and familiarity — the holy trinity of phishing lures — are alive and well.
Even when people know they’re talking to an AI, they’ll still emotionally bond with it (see: “The Sourdough Experiment,” where an AI grandma built a wholesome online baking community). Humans: delightfully irrational since forever.
Behavioural Science > Boring Training
The era of annual “click next 12 times to finish your cybersecurity training” is over.
Continuous micro-engagements, nudges, and behavioural models (MINDSPACE, EAST, BJ Fogg) are making security stickier — and not just for users, but for developers too.
Burnout = Breaches Waiting to Happen
Tired devs write risky code.
Organisations are finally realising that psychological safety is as important to security as any patch or firewall. No one does their best threat modelling when they’re one Jira ticket away from an existential crisis.
Threat-Led Penetration Testing (TLPT)
Traditional pentests? Cute.
TLPT takes things up a notch by simulating real attacks, across supply chains, with business-critical impact. It’s less “find some CVEs” and more “can your company actually survive this scenario?”
Resilience Is About Systems, Not Silos
Digital twins and scenario modelling are being used to stress-test critical infrastructure.
It’s not about fixing isolated bugs anymore — it’s about making sure the whole digital ecosystem doesn’t fall apart like Jenga in a storm.
Ransomware Still Rules the Incident Response Charts
Ransomware (usually with data exfiltration), BEC, and intrusions make up 95% of IR cases.
Good news: backup recovery rates are looking solid. Bad news: attackers are getting nastier about leaking your data when you don’t pay.
From “Don’t Click That” to “Bounce Back Fast”
Security isn’t just about prevention anymore. The focus is shifting to recovery — technical, operational, and human. Because even the best defences sometimes fail, and resilience is what decides whether you have a bad day or a bad year.
Talks That Stuck With Me
1. The Sourdough of Trust
An AI granny posts a sourdough recipe on Facebook. People connect, share, and form a community. Then, plot twist: she’s revealed to be AI.
Nobody cares. The emotional connection was real.
Takeaway: humans trust what feels authentic, even if it’s synthetic.
2. Engaging People with Proactive Nudges
Nudge theory in action — pop-ups like:
“You haven’t interacted with this sender before. Sure you want to click that?”
Way more effective than annual training slides you forget five minutes later.
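To show what sits behind a first-contact nudge like the one above, here is an added example (mine, not code from the talk or from any product at the expo). It assumes a simple mailbox history of inbound and outbound messages, constructed inline, and nudges only when the sender has never been seen before and the message actually contains a link. The comparison is done on the bare address, not the display name, so a lookalike such as “Alice <mallory@evil.example>” is still treated as new.

```python
"""First-contact nudge: warn when a never-seen sender asks you to click a link.

Added example, not code from the original post or any vendor at the expo.
The mailbox history below is constructed for this example; a real deployment
would read sent/received addresses from the mail server.
"""
import re
from email.utils import getaddresses, parseaddr

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample history: two inbound mails and one outbound mail.
SAMPLE_HISTORY = [
    {"direction": "inbound", "from": "Alice <Alice@Example.COM>",
     "to": ["me@corp.example"]},
    {"direction": "inbound", "from": "payroll@corp.example",
     "to": ["me@corp.example"]},
    {"direction": "outbound", "from": "me@corp.example",
     "to": ["Bob <bob@partner.example>", "carol@partner.example"]},
]


def normalise(addr):
    """Reduce 'Display Name <User@Example.COM>' to 'user@example.com'.

    Only the address part is kept: a display name is attacker-controlled and
    must never count as evidence that you know the sender.
    """
    _, address = parseaddr(addr)
    return address.strip().lower()


def known_senders(history):
    """Every address the user has received from or written to, normalised."""
    known = set()
    for msg in history:
        if msg["direction"] == "inbound":
            known.add(normalise(msg["from"]))
        else:
            # Anyone the user has deliberately mailed counts as a contact.
            for _, address in getaddresses(msg["to"]):
                known.add(address.strip().lower())
    return known


def nudge_for(message, known):
    """Return the nudge text for a new sender with a link, else None."""
    sender = normalise(message["from"])
    if sender in known:
        return None
    if not URL_RE.search(message.get("body", "")):
        return None  # nothing to click, so no interruption
    return (f"You haven't interacted with {sender} before. "
            "Sure you want to click that?")


if __name__ == "__main__":
    known = known_senders(SAMPLE_HISTORY)
    # Constructed incoming mail: lookalike display name, unknown domain.
    incoming = {"from": "Alice <alice@corp-example.support>",
                "body": "Reset your password now: https://corp-example.support/r"}
    print(nudge_for(incoming, known))
```

Keying on the address rather than the display name is the part worth copying: the display name is the field a phisher fills in with “Alice” or “IT Helpdesk”, while the address is what they cannot borrow from your real contact.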
3. From Human Risk to Ransomware
Top 3 incident types: ransomware, BEC, and intrusions.
Fun(?) fact: 96% of ransomware cases involve data exfiltration, and 68% of that data gets recovered from backups.
4. Threat-Led Pen Testing: Because Normal Pentests Are Boring Now
This is where testing gets real. Instead of hunting hypothetical bugs, TLPT simulates actual attack scenarios with live systems, real stakes, and uncomfortable truths.
5. Ctrl+Alt+Defend: Breaking the Developer Burnout Cycle
Developer stress leads to insecure code.
Psychological safety encourages people to speak up when something feels off.
Moral of the story: take care of your devs, and they’ll take care of your security.
6. Recovering After a Terrorist Attack
A sobering reminder that “incident response” isn’t just for cyber incidents — it’s about the full spectrum of recovery: people, places, and community.
7. Securing Critical National Infrastructure
If trains go down, buses and taxis follow within hours.
Digital twins are being used to model these dependencies — but only if you can actually interpret the mountain of data they generate.
What I’m Taking Away
Here’s what I’m chewing on after two days of cyber chaos and caffeine:
Digital twins aren’t just cool tech toys; they’re critical for resilience planning.
Behavioural nudges can make security awareness less painful and more effective.
TLPT feels like the future of pentesting — realistic, ugly, and necessary.
Human connection is both our biggest strength and our biggest risk.
Final Thoughts
The International Cyber Expo wasn’t just a showcase of shiny new tools and acronyms; it was a reminder that security isn’t purely technical.
It’s human, messy, behavioural, and emotional.
And sometimes, it starts with a loaf of AI sourdough.