Course Description:
This course examines the psychological, behavioral, and social engineering aspects of cybersecurity. Through the lens of human factors and personality psychology, students explore how individuals become targets for cyberattacks, particularly phishing and other manipulative tactics. By integrating theoretical insights and practical demonstrations—including open-source intelligence (OSINT) gathering and personality-based vulnerability profiling—participants will develop critical awareness and defense strategies to mitigate the human-side risks of cyber threats.
Learning Outcomes
Knowledge
By the end of this course, learners will be able to:
- Explain the psychological foundations of social engineering and cyber manipulation, including the role of cognitive biases and heuristics.
- Describe major personality models (e.g., Big Five, SEPF) and their relevance to cybersecurity vulnerabilities.
- Identify the principles and lifecycle of phishing and spear-phishing attacks, including emerging AI-enhanced strategies.
- Understand OSINT concepts and how personal information can be collected and misused in cyberattacks.
Skills
By the end of this course, learners will be able to:
- Analyze personality traits to assess susceptibility to social engineering using tools like the BFI-2 and SEPF.
- Apply OSINT frameworks and tools to simulate information gathering for vulnerability analysis.
- Evaluate phishing emails using scales such as the NIST Phishing Scale and apply protective countermeasures.
- Conduct structured assessments of digital overexposure and identify potential social engineering attack vectors.
Attitudes
By the end of this course, learners will be able to:
- Demonstrate ethical responsibility in the use and discussion of OSINT and social engineering methods.
- Reflect on personal digital behaviors and their influence on cybersecurity risk.
- Foster a human-centric cybersecurity culture that values psychological literacy and prevention.
- Critically assess the social consequences of personality profiling and data overexposure in digital environments.
- Trainer: Ric Lugo
As a part of the CyberSecPro project, this seminar on Human Factors in Cybersecurity examines the psychological, social, and organisational influences on security-related behaviour and decision-making. Participants will explore how human vulnerabilities are exploited by cyber attackers and how these risks can be addressed through a stronger understanding of communication, culture, and collaboration within organisations. Maritime case studies are used as examples.
- Trainer: Ric Lugo
Session Details
1. Session Title:
CSP002: Human Aspects of Cybersecurity: Social Engineering, Personality, and Vulnerability
2. Session Description:
This session explores the human-centred vulnerabilities in cybersecurity, focusing on how social engineering attacks exploit individual traits, online behaviours, and social media footprints. Students will gain hands-on experience using OSINT (Open Source Intelligence) tools to identify personal and organizational exposure, analyse personality profiles using the Social Engineering Personality Framework (SEPF), and design spearphishing campaigns guided by the NIST Phishing Email Scale. Students will learn to map the intersection between personality, technology use, and social vulnerability, ultimately strengthening their understanding of how human factors shape cybersecurity risks and defences, and of the ethical aspects of this knowledge. Group presentations will demonstrate their findings and propose countermeasures.
Key Learning Objectives:
Knowledge (students will understand):
- The key principles of social engineering and how attackers exploit human vulnerabilities.
- The psychological underpinnings of persuasion, including Cialdini’s principles and the Big Five personality traits.
- How OSINT tools reveal online exposure and potential exploitation points in social media and public data.
- How to assess phishing susceptibility using the NIST Phishing Email Scale and tailor attacks (and defenses) based on personality profiles.
Skills (students will be able to):
- Use the OSINT Framework to systematically gather open-source intelligence on individuals and organizations.
- Apply the Social Engineering Personality Framework to profile targets and predict susceptibility to influence tactics.
- Design realistic spearphishing emails and campaigns aligned with NIST phishing evaluation metrics.
- Critically analyze and present findings from simulated social engineering exercises, including ethical and legal considerations.
Abilities (students will develop capacity to):
- Identify personal and organizational digital vulnerabilities and recommend practical mitigation strategies.
- Synthesize psychological theory with real-world cybersecurity practices to anticipate human-centered threats.
- Communicate complex cybersecurity risks to diverse audiences, including technical and non-technical stakeholders.
- Reflect on ethical boundaries and develop a responsible, security-conscious mindset when engaging with sensitive data.
- Trainer: Ric Lugo

This course navigates through the human aspects of maritime cybersecurity, examining the psychological, social, and organizational influences on security practices and decisions in a maritime context. Attendees will uncover insights into human vulnerabilities that cyber attackers target in maritime operations and acquire methods to cultivate a cybersecurity-aware culture within maritime organizations. It further highlights the vital importance of communication and collaboration at strategic, operational, and tactical levels specific to the maritime sector. Participants will investigate how proficient communication between maritime domains and effective decision-making can strengthen cybersecurity measures in maritime operations.
Upon successful completion of this module, the learner will be expected to be able to:
Knowledge:
- Gain an understanding of the psychological, social, and organizational elements that shape cybersecurity actions within the maritime domain.
- Understand the critical role of communication and teamwork in bolstering maritime cybersecurity across different sectors.
- Understand how decision-making frameworks are used at strategic, operational, and tactical levels within maritime cybersecurity.
- Recognize the profiles and strategies of adversaries targeting maritime operations.
- Evaluate human-related threats and vulnerabilities in maritime contexts.
Competencies:
- Understand the discussions pertinent to maritime cybersecurity at various levels of decision-making.
- Cultivate an environment of transparent communication and teamwork focused on maritime cybersecurity.
- Reflect on cybersecurity decision-making with an understanding of how human factors are related in the maritime arena.
- Identify human-centric threats and vulnerabilities in maritime operations.
- Trainer: Kitty Kioskli
- Trainer: Ric Lugo
- Trainer: Nineta Polemi
- Trainer: Paresh Rathod
- Trainer: Stefan Schauer
This course explores the tactical and strategic use of open-source intelligence (OSINT) within the context of maritime cybersecurity. Learners will investigate how OSINT can be leveraged for data collection, threat identification, and vulnerability analysis specific to maritime operations. Emphasis is placed on understanding threat actors, legal implications, AI-driven OSINT tools, and mitigation strategies. Through real-world maritime scenarios, participants will gain the analytical and ethical competencies to defend against cyber threats arising from public data exposure and social engineering techniques.
 
Learning Outcomes (By the end of this course, learners will be able to):
Knowledge
- Explain the concept and stages of open-source intelligence (OSINT) and its relevance to maritime cybersecurity.
- Identify the types of publicly accessible data and platforms used for maritime OSINT (e.g., AIS tracking, social media).
- Describe common threat actors, including hackers, nation-state actors, and insiders, and their OSINT exploitation strategies.
- Interpret international regulations (e.g., NIS2, GDPR, NIST) relevant to maritime cybersecurity and personal data protection.
Skills
- Conduct structured OSINT investigations using maritime tracking tools and social platforms to build intelligence dossiers.
- Analyze OSINT-derived data to detect potential vulnerabilities and threats (e.g., phishing vectors, misinformation).
- Utilize AI tools and automation techniques to process large datasets for real-time threat monitoring.
- Apply mitigation strategies to secure sensitive maritime operational and personal data from OSINT-based attacks.
Attitudes
- Demonstrate awareness of ethical and legal boundaries in collecting and using open-source intelligence.
- Recognize the importance of cyber hygiene and privacy-preserving behavior among maritime personnel.
- Appreciate the role of human behavior and social engineering in OSINT vulnerability.
- Foster a proactive cybersecurity culture in maritime contexts, encouraging vigilance and accountability.
- Trainer: Ric Lugo