Why Protecting the Elderly Is a Cybersecurity Problem We Don’t Talk About Enough
I spend a lot of time adjacent to cybersecurity conversations. Not as a practitioner.
But as someone who listens closely to the people doing the work—
the frameworks, the threats, the tools… and the motivations behind them. What we talk about far less is who we’re protecting—and why that matters.
Recently, I sat down for a short interview with Rhett Graham, a cybersecurity professional whose reason for entering the field isn’t rooted in technology at all. It’s rooted in people.
Specifically: older adults.
“I wanted to stop the elderly from getting scammed by nefarious individuals.”
No buzzwords.
No posturing.
Just a clear, human reason for doing the work.
The Real Threat Isn’t Sophistication — It’s Asymmetry
When Rhett talks about cybersecurity threats, he doesn’t start with nation-state actors or zero-day exploits. He starts with education gaps.
“Lack of education is the biggest hurdle when it comes to protecting the elderly.”
That tracks with what many of us already know—but rarely say plainly: Most scams don’t succeed because they’re technically brilliant. They succeed because the person on the other end doesn’t know what to look for—or doesn’t expect malice.
Vishing.
Phishing.
Caller ID spoofing.
Urgent “help” emails that look just real enough.
For people who didn’t grow up immersed in digital systems, the playing field isn’t just uneven—it’s tilted. Rhett’s approach is practical, educate not just the individual, but the people around them. Caregivers. Family members. Anyone likely to be a second set of eyes.
Because cybersecurity, at this level, is a team sport.
Simple Controls Beat Complex Solutions
One of the things I appreciated most in our conversation was how grounded Rhett’s advice is. No expensive software. No complicated setup. No assumption that everyone wants—or needs—to become “tech savvy.”
Just simple guardrails:
- Silence unknown callers
- Only open emails you’re expecting
- Treat unsolicited contact with default skepticism
These aren’t advanced techniques. They’re behavioral controls—and they work precisely because they reduce exposure rather than relying on perfect judgment. In security terms, this is risk reduction 101. In human terms, it’s compassion.
Zero Trust Isn’t Just for Enterprises
When I asked Rhett for a closing thought—something he’d want readers to walk away with—his answer was short and telling. “Institute a zero-trust policy for unknown callers or unknown emails.” Zero Trust has become a corporate buzz phrase, but at its core it’s a mindset. Don’t assume good intent just because something looks familiar.
Applied at home, that principle can prevent devastating financial and emotional harm—especially for people who are disproportionately targeted and less likely to recover from losses.
Why This Perspective Matters
Cybersecurity needs more voices like Rhett’s. Not because he claims to have all the answers—but because he’s solving the right problem. Protecting vulnerable populations isn’t flashy work. It doesn’t always show up in metrics or dashboards.
But it matters. And for organizations looking to hire in this space:
values-driven thinking like this isn’t a “nice to have.”
It’s foundational.
If the future of cybersecurity includes more people who start with who they’re protecting—not just what they’re defending—we’ll all be better off.
***this post was compiled by my two agents, Julie-ish for the interview and Gio wrote this from the transcript. Julie (me) was the human in the loop for review, edits, and posting***
Leave a Reply