Pop Quiz: How Many Bad Habits Did You Learn This Summer?

Orange Shoelaces and the Revolution of Small Choices

Defaults run the world. We just don't notice them doing it. But when we start to question the defaults in our lives and to set them so that they make our lives better, it can have a fantastic impact.

Even the small changes matter.

That insight hit me this month while reading an article from Greg Storey. It made me think about how I use search and why my shoe laces are orange. Too many of us sleepwalk through choices that shape our daily experience. Lisa Plaggemier from The National Cybersecurity Alliance reminded me that knowing better doesn't automatically lead to doing better. Her insights about why cybersecurity habits remain unchanged, even when we understand the risks, illustrate how we can trap ourselves with default behavior.

"Defaults are designed to be invisible. That invisibility is exactly why they're powerful."

Now, more about that Greg Storey article. He published a highly quotable piece: The Arialpocalypse: Default thinking ate the world. As usual, Greg's writing is fantastic, and I highly recommend you indulge yourself in some authentic writing.

At Black Hat, I interviewed Kyle Wilhoit for Threat Vector about Hacker Culture (we're aiming to have that episode ready by Thanksgiving!). Kyle constantly asks "What if" when he is working on challenging problems. What things are you leaving on default? What if you changed them?

Here are a handful of defaults I've changed that make things better for me.

1. Muted Slack alerts. The "Knock Brush" notification sound was making me massively anxious, especially when I'd hear it in TV commercials. More on this below.

2. I set the ambient lights in my Mach E to orange. It's not changing the world, but it makes me happy. I love me some orange. From the photo above: I swapped boring white laces for bright orange ones on my running shoes. It amuses me and has started quite a few conversations with other runners.

3. Switched Siri's voice to Northern England. Forget who told me to try this, but it makes my day when a cheery Brit gives me directions. As Redditor b7d says, "The new Siri - British Voice 3 in iOS 18.0 is hilariously incredible."

4. I dropped Google for DuckDuckGo (I did this years ago). The results are better! The amount of trash in Google results, never mind the invasive nature of their business model, is wild. DuckDuckGo is clean and fast. Side note: After listening to episode 809 of Mac Power Users with Kagi CEO Vladimir Prelovac, I'm very curious to try their search engine. As someone who spends a bit of my day around proper security types and folks that care about privacy, Privacy Pass from Kagi is a great idea. Sometimes a subscription model can unlock great UX.

"We even recently released something called Privacy Pass. It guarantees from a technical level that we don't know who the user searching is... It purely flows from the business model itself. We have literally no incentive to store user data." — Vladimir Prelovac

About that Slack sound

Check out this video from Iconic Sonic to understand what's wrong with Slack's default sound. To quote the video, the sound is a sonic design fail.

September Study Hall: Essential Listening

Since we're talking about going back to basics and changing defaults, here are three conversations that should be required listening for anyone trying to build better digital habits.

A Hacker's Insights on Your Privacy

Arjun Bhatnagar, CEO of Cloaked, breaks down why protecting your digital privacy is more urgent than ever. He shares practical advice you can use immediately and explains how personal data is collected and why security posture matters in our hyper-connected world.

Secure Your Summer: Top Cyber Myths, Busted

Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, dives into this year's "Oh Behave!" report and explains why cybersecurity habits remain unchanged even when we know better. Her insights about emotion, storytelling, and system design perfectly complement this month's theme about defaults and behavior change.

From Passwords to Proactive Security: Essential Tips for Educators

Mike Spisak, Technical Managing Director, tackles the cybersecurity challenges facing educational institutions. He shares actionable insights on improving security within budget constraints and building cyber-aware cultures. Essential listening for anyone trying to change organizational defaults.

And now some thoughts about AI

Listener Poll: How many AI tools are you currently using?

I want to hear from you. How many AI tools do you use today? You can use this Survey Monkey poll or comment below. Bonus points for anyone who shares the AI tools or services they cannot live without, OR the ones they are absolutely done with.

For those interested, this is a snapshot of the AI tools I am using.

• I'm currently juggling: Claude.ai, ChatGPT, VoicePal, Snipd, GoodNotes and Napkin AI. I am considering adding Notion AI to the mix.

• NotebookLM, Gemini, and Descript are in heavy rotation at work.

  I've tried and didn't like Apple Intelligence.

"Hallucination" should win awards for best marketing terms of this AI era. A lie rebranded as a "hallucination" is incredible.

This month, you'll notice I am including snippets from the podcasts I find valuable. I'm using Snipd to highlight moments in podcasts that are insightful and important. Those snips are added to a Notion database of I call Remarkable Content. If you want to see what podcasts I listen to and what I find interesting now you can.

Should we bully ChatBots?

Jay Schwedelson on Do This, NOT That: Marketing Tips: says we should.

Jay starts this episode by claiming we should yell at our chatbot, but then reveals that what we perceive as being mean is actually us giving the AI more content and input. "AI is like going to a doctor," and providing details, even in a mean way, allows it to deliver better answers. Makes sense, I guess

Do any readers find themselves frustrated with AI chatbots and resort to ALL CAPS or angry prompting? Sigh. Me too.

Maybe Perplexity will make all these chatbots and bespoke AI tools go away…

I doubt it, but maybe they can incorporate them into the tools we already use. Aravind Srinivas was on Decoder talking about the need for an AI browser (this was before it was announced they were making a $34.5 Billion Offer for Chrome). He made some rather compelling arguments. Give the episode a listen.

I like Aravind's thinking. It's going in the right direction. The idea that AI is the product feels off to me. AI can make the products, tools, and experiences we have better. But it needs context, access, an interface we understand, and a way to surface useful things. A browser can provide all of that.

Cybersecurity stories that caught my attention this month.

AI Security Theater Continues

An AI company releasing an update that pays no attention to safety or security.

I, for one, am shocked!

AI red-teaming company SPLX tested GPT-5 against over 1,000 attack scenarios – prompt injection, data poisoning, jailbreaking, data exfiltration. Their verdict? The default version is "nearly unusable for enterprises" out of the box.

Leadership's Cyber Knowledge Gap Widens

Cybersecurity deserves C-suite attention – especially as GenAI use grows and attacks become more sophisticated. The CISO role is shifting, data breaches are spiking, and tension across executive teams is growing.This connects directly to my recent Threat Vector conversation with Nigel Hedges, Executive General Manager of Cyber & Risk at Chemist Warehouse and Sigma Healthcare.

Nigel gets it: CISOsmust shift cybersecurity from a technical problem to a business priority. His approach? Align security strategies with enterprise goals, build trust with boards, and use storytelling to communicate risk. Culture, metrics, and communication aren't just nice-to-haves – they're vital to cyber resilience. The leadership gap isn't just about technical knowledge; it's about translation.

Looking Ahead

The real test isn't whether we can change our defaults, it's if we consider them and decide to keep them because they are the best OR change them to make things better for us. I'm curious how many will read this month's newsletter, or Greg's article, nod along, and then keep using Arial and that anxiety-inducing Slack sound.

But I do have hope. The same forces that make defaults so powerful can work in our favor. Every small intentional choice (switching to DuckDuckGo, muting notifications that steal a bit of your soul) creates momentum. The orange shoelaces aren't just about personal preference; they're low-stakes practice for bigger decisions.

I am a huge fan of the book Nudge by Richard Thaler and Cass Sunstein. Their work shows that we can actually design environments to make better choices easier. Their concept of "choice architecture" involves how small changes in presenting options can guide people toward beneficial decisions without restricting freedom. We need this mindset in our AI tools, but are not getting it… yet. The companies winning next year won't be the ones with the most features (there are already too many features), but the ones that help us make faster, better decisions through thoughtful design. As Arjun Bhatnagar pointed out in our privacy discussion, the companies that succeed will be those that make privacy and security the default, not an afterthought.

A question for you: What default are you going to change this week? Not plan to change, not think about changing. Actually change. Start small. Start today. The world runs on defaults until someone decides theirs should run differently.

Until next month, David

Also, if you change a default this month, I'd love to hear about it. Reply and let me know what shifted. If you're interested in the science behind why defaults are so powerful, Thaler and Sunstein's "Nudge" is essential reading for anyone trying to design better choices.