In the past decade, there has been a notable increase in the integration of human users as active components within technical systems, giving rise to what is now recognized as sociotechnical systems. However, the advancement of security measures has not kept pace with this integration, resulting in humans becoming the vulnerable link in the security chain. To address this issue, it is imperative to engineer security requirements that encompass the characteristics of individuals, thereby guiding the design of secure socio-technical systems that are tailored to accommodate their human components. This tutorial will present socio-technical systems, the security criticalities related to their human part, and how to address them. The tutorial is targeted to academics and practitioners, with interactive activities that will guide attendees in the specification of security requirements for socio-technical systems, allow them to experience cyber and social attacks and direct them to incident response actions