Case Study - Human Risk Management at Atlassian

Leading end-to-end cybersecurity training and awareness at Atlassian, transforming human risk through strategic program design, phishing simulations, and targeted security education across the organisation.

Client
Atlassian
Year
Service
Human Risk Management, Security Awareness & Training

Overview

At Atlassian, human risk represents one of the most dynamic and challenging aspects of cybersecurity. The mandate for the sole Human Risk Management professional was clear: build, deliver, and evolve a comprehensive Cyber Security Training and Awareness Program that measurably reduces risk and empowers every employee to become a capable line of defense.

This wasn't about rolling out generic security training. It was about architecting a human risk strategy from the ground up - one that aligned with Atlassian's culture, risk profile, and business objectives. From program vision and strategic planning through to hands-on delivery and continuous improvement, every element was designed to address real threats with targeted, effective interventions.

The result was a mature, data-driven program that transformed how Atlassian approached human risk, embedding security awareness into the fabric of the organisation and making cybersecurity accessible, relevant, and actionable for everyone.

Strategic Program Development

The foundation of effective human risk management is a well-architected strategy. This meant developing a comprehensive program framework that encompassed:

  • Risk-Based Program Design: Mapping the threat landscape to organisational risk profiles, ensuring training and awareness initiatives addressed the most critical human vulnerabilities
  • Phishing & Simulation Programs: Designing and executing targeted phishing campaigns that tested, measured, and improved employee resilience against social engineering attacks
  • Bespoke Security Content: Creating custom security awareness materials tailored to different roles, risk levels, and learning preferences across the organisation
  • Measurement & Iteration: Establishing metrics to track program effectiveness, behavioral change, and risk reduction over time

Every initiative was built with clear objectives, measurable outcomes, and a focus on sustainable behavior change rather than checkbox compliance.

Bridging Technology and People

One of the most critical aspects of the role was acting as a translator between the cybersecurity team and the broader business. Technical security controls, policies, and incident documentation mean little if they can't be understood and acted upon by those they're designed to protect.

This involved:

  • Stakeholder Engagement: Building relationships across the business to understand operational realities, gather feedback, and ensure security initiatives were practical and adoptable
  • Communications Leadership: Leading communications for major cybersecurity initiatives, translating complex technical concepts into clear, digestible guidance that enabled action
  • Training Delivery: Conducting targeted training sessions including privileged access management education, ensuring high-risk users understood their responsibilities and the controls in place to protect them
  • Change Management: Embedding security awareness into business-as-usual operations, ensuring new cybersecurity initiatives were understood, adopted, and sustained across teams

The goal was always clarity and empowerment - making security accessible without diluting its importance.

Delivering Measurable Risk Reduction

Human risk management is only effective if it delivers measurable outcomes. Throughout the program lifecycle, a relentless focus on data and continuous improvement ensured that initiatives weren't just well-intentioned - they were effective.

Key achievements included:

  • Quantifiable improvements in phishing simulation results, demonstrating increased employee vigilance and reporting rates
  • High engagement rates in security awareness training, indicating successful alignment with user needs and organisational culture
  • Reduced incident rates related to human error, showing tangible risk reduction
  • Strong feedback from stakeholders on the clarity and usefulness of security communications and training materials

This data-driven approach enabled informed decision-making, program refinement, and clear demonstration of value to leadership and the broader business.

What we did

  • Human Risk Management Strategy
  • Phishing & Simulation Programs
  • Security Awareness Content Development
  • Training Design & Delivery
  • Stakeholder Engagement & Communications
  • Change Management
  • Privileged Access Management Training

In Conclusion

Human risk management at scale requires more than awareness - it demands strategy, clarity, and a deep understanding of both people and technology. At Atlassian, this meant building a program that didn't just educate but empowered, turning every employee into an active participant in the organisation's cybersecurity posture.

The work demonstrates that with the right approach, human risk can be measurably reduced, security can be made accessible, and technical complexity can be translated into practical action. It's a testament to what's possible when cybersecurity meets human-centered design, strategic thinking, and relentless execution.
