David Shipley
David Shipley is an award-winning entrepreneur who loves working at the intersection of the liberal arts and technology.
In 2016, David co-founded Beauceron Security with an innovative approach to cybersecurity awareness This approach empowers everyone within an organization to know more and care more about their crucial role in protecting against cyber-attacks. Beauceron Security now serves more than 1,200 clients across North America, Europe, and Africa, and over 1 million people have benefited from their work.
Before co-founding Beauceron Security, David was the security lead for the University of New Brunswick and developed its incident response, threat intelligence, and awareness practice.
He is a Certified Information Security Manager (CISM), a former journalist, and a Canadian Forces veteran. He was awarded the Queen's Diamond Jubilee Medal and King Charles III Coronation Medal for his service to Canada and his work in cybersecurity.
David regularly contributes to the Cybersecurity Today podcast and appears frequently in the media to help explain cybersecurity stories.
Session
Forget the tired “PEBKAC” jokes—your next breach won’t happen because people are stupid, but because their brains are running exactly as designed.
This session weaponizes cognitive science and a dataset of 1 million users experiences with phishing simulations and 170,000 people's answers to perceptual surveys to show how attackers hijack four predictable bugs in wetware: optimism bias (“not me”), Dunning‑Kruger (a dash of training → god‑mode confidence), and the newly quantified technology bias—the reckless belief that EDR, AI mail filters, or zero‑trust pixie dust catch everything. You’ll see why users who score high on tech bias click links 140% more often, and why click‑through rates double if phishing simulations pause for just three months. Then we flip the script: continuous “people‑patching,” instant dopamine‑hit feedback loops, and neuroscience-based hacks that drop real‑phish clicks 8× while tripling report rates. We'll also show how to prove the ROI for moving from security awareness to motivation, while also demonstrating how humans can show the flaws in your security stack, like how many phishes leaked past your e-mail filters