The Human Side of Cybersecurity: Wondros President Kiersten Todt on Take9
Cybersecurity threats are evolving – and getting smarter. Most traditional approaches fall short of addressing the human behaviors that make us vulnerable. But, the Take9 campaign is flipping the script – shifting the conversation from technical jargon to everyday actions. Its message is simple: take nine seconds before you click, respond, or react. It’s a small pause, but the reward is big. Take9 shows that securing our digital world starts with small, everyday choices anyone can make.
In this Q&A, Wondros President Kiersten Todt – set to speak at RSA Conference 2025 – dives into how Take9 is changing the way we think about cybersecurity, the power of storytelling, and why intentionality might just be our best defense.
What makes Take9’s approach to cybersecurity different from traditional campaigns?
Kiersten: Take9 is a cybersecurity public awareness campaign focused on accessible human behavior, rather than a checklist of rules to follow. Through our research, we learned that if people can just take a moment to pause before acting, they can avoid falling into traps like phishing scams or other cyber threats. It’s not just about cybersecurity—it’s about teaching a behavior that applies to so much of life. That’s what makes this campaign stand out.
How did you land on the idea of pausing for nine seconds?
Kiersten: It came from listening to experts across different fields, from chief information security officers to behavioral psychologists. The concept is rooted in research that shows how a brief moment of discomfort—about eight to ten seconds—is often all it takes to shift from a reaction to a thoughtful response. That pause allows your intuition and logic to work together, reducing the likelihood of making impulsive decisions that could lead to harm.
Why focus on human behavior rather than technical solutions?
Kiersten: Technical solutions are a vital piece of this, of course, but they’re not the whole story. The majority of cyber incidents happen because of human error, and not because someone didn’t have the right software. People are often vulnerable because of urgency—they’re rushed, stressed, or distracted. By addressing the human side of cybersecurity, we’re tackling the root cause of many issues. The nine-second pause gives people a chance to recalibrate, step back, and recognize potential threats before they act.
“We’re not just helping people stay secure online; we’re also encouraging a healthier relationship with technology overall.”
How does Take9 address the broader cultural urgency to always act quickly?
Kiersten: That’s a huge part of the challenge. We live in a culture where everything feels immediate—emails demand instant replies, notifications pull us in constantly. Take9’s message is countercultural in a way. It’s saying, “You don’t have to respond right away.” By normalizing this pause, we’re not just helping people stay secure online; we’re also encouraging a healthier relationship with technology overall.
What role does storytelling play in the Take9 campaign?
Kiersten: Storytelling is at the heart of this campaign. People learn best through stories—real, relatable examples of situations they might find themselves in. Whether it’s someone avoiding a phishing scam or realizing the importance of double-checking a suspicious link, these stories make the lessons memorable. The narrative approach also humanizes cybersecurity, which can often feel abstract or intimidating.
Where do you see Take9 going in the future?
Kiersten: The goal is to build a movement. We want this idea to extend beyond cybersecurity—into education, mental health, even workplace productivity. The nine-second pause has so much potential as a universal behavior. My ambition is that we collect stories from people saying, “Because of Take9, I avoided this scam,” or “I made a better decision.” Those personal testimonials will show that this isn’t just a campaign; it’s a way to create real, lasting change.