The senior systems engineer emphasises that human error is the primary cyber risk, while advocating for a human-centric approach to security