Current cybersecurity risk modeling methodologies do not consider humans as risk initiators or mitigators. Human factors are considered primarily in terms of how users use networks, which help defenders and IT managers prioritize assets; while the defenders and IT managers consider risk from their perspective of how to best protect their system. Risk management within the context of the NIST framework does not consider humans as actual risk factors, initiators and mitigators of risk, and therefore potential components of a predictive model of network security risk. Attributes of the human actors, attackers, defenders, and users, such as experience, knowledge, and cultural background, may significantly influence how human actors contribute to or mitigate cyber risk, and thus are appropriate parameters to include in a predictive cybersecurity risk model. In this paper, we extend our previous work conceptualizing a dynamic aggregated cybersecurity risk assessment model based on a Bayesian belief network and incorporate variables representing critical risk-inducing and risk-mitigating human and cultural factors into a proof of concept.