Security Culture

The Compound Effect

The Compound Effect

| | Cybersecurity, risk management, Security Culture
When incidents stack, the effect is multiplied.The Factory Series — Part 5So far in this series, I’ve treated the threats one at a time. The physical walk-through. The geopolitical shift. The fuel reserves. The digital ...
Stories by Kai Roer on Medium
Twenty Days of Reserves

Twenty Days of Reserves

| | Resilience, risk management, Security Culture, War
Planning for best case scenarios works great until a crisis hits.Factory Series Part 3: Twenty DaysI grew up in Norway, near Slagentangen. Esso’s refinery on the Vestfold coast — one of two refineries that processed Norway’s ...
Stories by Kai Roer on Medium
Can You Still Take Out Our Factory?

Can You Still Take Out Our Factory?

| | Critical Infrastructure, geopolitics, hybrid warfare, Physical Security, Security Culture
Can You Still Take Out Our Factory? A Roer.com series.Part 2: The Pink Cloud Turned RedIn 2007, I walked through a nationwide food producer’s factory without being stopped. I published the story and asked: ...
Stories by Kai Roer on Medium
Can You Still Take Out Our Factory?

Can You Still Take Out Our Factory?

| | Critical Infrastructure, Physical Security, Security Culture, social engineering
How will you shut down this factory?Part 1: The Walk-ThroughYou are standing outside a factory. One of the largest food producers in the country. A butcher operation — industrial scale. Hundreds of employees. Trucks coming ...
Stories by Kai Roer on Medium
Rethinking Cyber Awareness: From Blame to Belonging 

Rethinking Cyber Awareness: From Blame to Belonging 

| | behavioral cybersecurity, contextual security, Cybersecurity Awareness Month, cybersecurity guardrails, employee empowerment, human error in cybersecurity, human-centered security, organizational resilience, phishing training alternatives, Risk Mitigation Strategies, Security Culture, security design patterns, security engagement, shared responsibility, weakest link fallacy
Stop treating employees like the "weakest link." Discover why traditional cybersecurity awareness training fails and how to build a culture of belonging through human-centered design, security guardrails, and collaborative resilience ...
Security Boulevard
Threat Modeling with AI: A Developer-Driven Boon for Enterprise Security 

Threat Modeling with AI: A Developer-Driven Boon for Enterprise Security 

| | AI tooling, AI-assisted threat modeling, AppSec collaboration, Attack Surface, Automation, continuous threat modeling, developer upskilling, developer-centric security, developers in security, governance, IDE integration, iot threats, LLMs in security, pattern recognition, proactive resilience, risk tooling, scalable defenses., Secure Coding, Security Culture, security proficiency, shift left, Supply Chain Risk, Threat Modeling, traceability, Vulnerability Remediation
For companies running a modern, adaptive and defense-centered security program, threat modeling is not a new concept. In fact, it’s one of the core tenets of preventative cybersecurity best practices. Being able ...
Security Boulevard
WAR room, CISO, AI Native, security, CISOs, UnitedHealth CISO

How the CISO’s Role is Evolving From Technologist to Chief Educator 

| | board-level cybersecurity, CISO communication skills, CISO leadership, CISO responsibilities, Cybersecurity Strategy, enterprise risk management, modern CISO role, Security Culture, Security Education
Today’s CISO is a strategic leader responsible for risk communication, security culture, education, and executive alignment. Technical expertise remains essential, but influence, clarity, and leadership now define success ...
Security Boulevard
human, risk, error, open source security

The Human Layer of Security: Why People are Still the Weakest Link in 2026 

| | adaptive access, AI-enabled phishing, Awareness Training, behavioral design, CISO leadership, deepfakes, employee resiliency, Human Error, human factor cybersecurity, Human Risk Management, human-centered security, insider risk, microlearning, Passkeys, passwordless, phishing simulations, real-time interventions, Security Culture, Security Metrics, social engineering, voice phishing
By 2026 humans remain cybersecurity’s weakest—and most vital—link as AI-enabled social engineering rises; prioritize behavioral design, real‑time interventions, and leadership ...
Security Boulevard
The Zero Risk Trap: How to Ditch Perfection and Prioritize Real Cyber Resilience

The Zero Risk Trap: How to Ditch Perfection and Prioritize Real Cyber Resilience

| | cyber resilience, risk appetite, risk management, Security Culture, zero risk
In Star Trek, the Kobayashi Maru simulation is an unwinnable test faced by Starfleet cadet captains. The only way to “win” is to accept that you can’t. It’s a test of character ...
Security Boulevard
zero-trust, be, ZTA, architecture, security, Permiso, applications, zero-trust, ML, AI, zero-trust, access, zero-trust, PAM, zero-trust, ZTNA, migrating, backup data, zero-trust, security, zero-trust, business, policy container zero-trust ZTNA

Elevating the Human Factor in a Zero-Trust World

| | Access control, access management, ai and security, Automation in Security, behavioral analytics, context-based security, cybersecurity awareness, Cybersecurity Leadership, Cybersecurity Strategy, DBIR report, Gartner zero-trust, human factor in cybersecurity, human judgment in security, human-centered security, hybrid work security, identity-centric security, phishing prevention, policy design, risk signals, Security Culture, social engineering defense, threat detection, zero trust framework, Zero Trust Implementation, zero trust security, zero-trust best practices
Zero-trust isn’t just technology — it’s a human-centered strategy. Real security depends on context, judgment and collaboration, not automation alone ...
Security Boulevard
Load more