People and security, part 3: security culture with Kai Roer

How do we make long-lasting changes to our security?

Conventional security training only goes so far. Instead, we need tools and techniques that keep security best practice to the fore. It should be more than an annual compliance exercise. As an industry, we need to change attitudes.

Kai Roer argues that effective security means changing the organisation’s culture. But cultural change can be hard to define.

As founder of security culture advisory firm CLR.re, now part of KnowBe4, Roer views security culture as something that can be measured, and monitored.

But identifying weaknesses is just the start of the process. According to Roer, we need to think about security as part of day to day business. That applies to every part of the organisation, not just the IT security team.

And a strong security culture will be flexible enough to deal with change, and new risks, as the last 12 months have shown, as he tells our host, Stephen Pritchard

Security culture expert Kai Roer

Security culture expert and author Kai Roer

Featured image: Brian Merrill from Pixabay