How do we change cybersecurity behaviour rather than simply improve awareness? In this episode, Julia Prümmer joins Cybercrimeology to discuss cybersecurity training through the lens of psychology, systematic reviews, and behavioural theory. The conversation examines why many training programmes improve knowledge and attitudes but struggle to produce sustained behavioural change, and how differentiating between types of cybersecurity behaviour may lead to more effective interventions.

What leads someone from early curiosity in technology to criminal hacking? Dr Melissa Martineau joins us to discuss cyber profiling, pathways into cyber dependent offending and what distinguishes those who drift toward crime from those who enter cybersecurity. We talk about motivations, early developmental factors and what her research reveals about opportunities for prevention and diversion.

We speak with Dr Grant Ho from the University of Chicago about a large-scale field evaluation of anti-phishing training inside a major health organisation. The conversation examines annual awareness training, embedded “teach-at-click” exercises, and the role that engagement plays in any observed benefit. We also discuss how to measure programme value realistically and why careful experimental design matters when organizations make investment decisions.

How do insider-risk programmes work when they are built around people, not just data? Dr Deanna D. Caputo, Chief Scientist for Insider Threat Capabilities at MITRE, explains what multidisciplinary, human-centred insider-risk work looks like in real organisations, why user-activity data has limits, and how carefully designed field experiments can improve reporting and detection. We also touch on new research exploring whether typical insider-risk telemetry contains early indicators of suicide risk.

How do cybercriminals decide which targets to pursue, and how can researchers study these decisions in real time? In this episode, we talk with **Daniëlle Stibbe** a PhD Candidate and researcher at the Netherlands Institute for the Study of Crime and Law Enforcement (NSCR). Daniëlle shares her journey from psychology to criminology and explains her work using honeypots, leaked credentials, and online experiments to examine offender behaviour. We also discuss the challenges of running experiments in digital environments, and what her work on the impact of large-scale police operations like *Operation Cookie Monster* reveal about risk perception and adaptation in online criminal forums.

What does influence look like when there are no formal memberships, no application processes, and no leaders? In this episode, Dr. Francesco Carlo Campisi shares insights from his doctoral research on how deviant online movements like Anonymous and QAnon mobilize participation using social media. We talk about emotional engagement, visibility as a resource, and how theory can help us understand participation in loosely organized but powerful digital collectives.

In this episode we have a wide ranging discussion on the human in cybersecurity with Dr. Iain Reid from the University of Portsmouth. We get into the application of psychology to cybersecurity including deception, risk perception, and responsibility We talk about who carries the burden of defence, how software developers think about security, and what deception looks like in both cybercrime and cyberwarfare.

What can leaked internal messages from a ransomware group reveal about how cybercrime operations really work? In this episode, Estelle Ruellan discusses the analysis of the tens of thousands of chat messages leaked from the Conti ransomware group she created with colleagues. They to mapped the internal roles and communication patterns of this group using natural language processing and Latent Dirichlet Allocation analysis to better understand this notorious ransomware-as-a-service outfits. We explore this interesting analysis method, what it uncovered, and howMs Ruellan’s quest to make cybercrime more understandable with data visualization.

When fake science can be bought, what happens to the value of real research? Dr. Sarah Eaton from the University of Calgary and Dr. Sabina Alam from Taylor & Francis discuss the collaborative efforts of United2Act.org to combat the global threat of scientific paper mills. We explore what these organizations are, how they operate, and what can be done to push back against fraudulent publishing in the digital age.

What happens when people get tired of cybersecurity? Dr. Andrew Reeves from the UNSW Institute for Cyber Security joins us to explore how psychological principles—like fatigue, reactance, and decision-making under pressure—shape both how users engage with cybersecurity and how attackers and defenders can exploit them. We talk about what goes wrong with security training, why users push back against well-meaning policies, and how simple design choices can reduce cognitive load and increase compliance. Dr. Reeves also shares his work on cyber deception and how defenders can turn the tables, using stress, uncertainty, and time pressure to mislead attackers inside networks. This episode weaves together user behavior, system design, and attacker psychology into a broader conversation about how we shape—and are shaped by—the security systems we live with.

How can we encourage businesses to tackle cybersecurity? In this episode, we speak with Dr. Susanne van ’t Hoff-de Goede, Associate Professor at the Centre of Expertise Cyber Security in The Hague University of Applied Sciences. Susanne’s work focuses on the human factor in cybercrime—whether examining online victims, offenders, or the law enforcement response. Here, she introduces an innovative “low-threshold” cybersecurity intervention experiment that scanned company websites and sent tailored risk reports through traditional mail. We explore what worked, what didn’t, and how she plans to refine the approach to get more businesses proactively engaged in their cybersecurity.

In this episode we have a conversation with Dr. Thomas Dearden from Virginia Tech to delve into the sociological underpinnings of cybercrime, discussing how strain and anomie theories interact with the motivations behind online offending. We talk about the nuances of these theories, how they can shed light on cybercrime, the their potential for cybercrime prevention. Recorded at the Human Factors in Cybercrime Conference, the discussion also touches on some ongoing work focusing on the use of honeypots to study cybercriminal behaviour.

What is an ethical hacker, what do they do and how does their journey to this point unfold? Dr. Marleen Weulen Kranenbarg joins us to discuss her research towards discovering the overlaps in pathways to the positive and negative cyber behaviors among ethical hackers. We explore the nuances of ethical hacking, the factors influencing the choice of a positive path, and the challenges faced by schools and organizations in supporting ethical cybersecurity practices.

What does it take to improve law enforcement’s response to cybercrime? Dr. Tom Holt from Michigan State University discusses his efforts to develop an evidence-based training center for police officers tackling cyber-enabled and cyber-dependent crimes. From identifying gaps in local law enforcement training to bridging the divide between academic research and real-world needs, Dr. Holt shares the challenges and opportunities in this critical area.

In this episode, Asier Moneva, a cybercrime researcher at the Netherlands Institute for the Study of Crime and Law Enforcement (NSCR) and the Center of Expertise Cyber Security at The Hague University of Applied Sciences, discusses the transformative principles of open science. Asier explores how transparency and replicability can shape a more credible and collaborative research environment, sharing his experience with open science practices such as preregistration, registered reports, and open-access data. We discuss the challenges in open science such as those posed by academic pressures, like the 'publish or perish' culture, and highlight how open science practices benefit both researchers and the public.

Ever wonder how much influence movies have on your cybersecurity habits? In this episode, Maike Raphael, a PhD student and researcher at the University of Hannover, joins us to discuss her fascinating research into how films depict passwords and cybersecurity. We explore the impact of these depictions on public understanding, what makes a good password (and what doesn't), and how media shapes our perceptions of cyber risks. Raphael’s analysis covers a dataset of over 97,000 movies and reveals some surprising trends about the intersection of film and cybersecurity awareness.

In this episode, we dive into the fascinating world of signaling theory with Judith Donath, a faculty advisor at the Berkman Klein Center for Internet & Society at Harvard University and author of The Social Machine. We explore signaling theory and its roots in biology and human communication and how it applies to today's digital ecosystems. With the rapid advancement of AI, deep fakes, and machine learning, the integrity of communication and signals is more crucial than ever. How can we distinguish between genuine signals and those designed to deceive us?

In this episode, we sit down with Dr. Miranda Bruce, to discuss research mapping the global landscape of cybercrime and the importance of understanding local factors that contribute to digital offenses. She discusses the challenges of measuring cybercrime, the innovative use of expert surveys, and the development of the World Cybercrime Index.

In this episode of Cybercrimeology, we speak with Dr. Laura Huey, Professor of Sociology at the University of Western Ontario, about the rising phenomenon of cyber cop baiting and its impact on law enforcement. Dr. Huey delves into the difficulties faced by police officers, the spread of misinformation, and the role of right-wing extremism in targeting police offline for online. Join us as we explore the complexities of policing in the digital age and the importance of evidence-based research in addressing these challenges.

In this episode of Cybercrimeology, we are joined by Joakim Kävrestad, an Assistant Professor of Computer Science at the School of Engineering, Jönköping University in Sweden. Joakim shares his journey from a technical background in networking and cybersecurity to focusing on the societal and psychological aspects of security. He discusses his innovative work on Context-Based Micro-Training (CBMT), a method that enhances cybersecurity training by delivering relevant information to users at the precise moment they need it. We discuss the design science approach to research and compare our favourite pieces of bad cybersecurity advice.