Cybersecurity training and consulting that builds real security instinct
Explore the powers of game-based learning
People do not build security instinct by being lectured at. They build it by making decisions and living with what happens next. That is what a game does. It turns a topic people would normally sit through into something they actually do, argue about, and remember afterwards. The engagement is nice. The part that matters is that it sticks.
Contact me if you need my help in any of the following areas:
Community Marketing
The infosec community decides who is worth working for and worth buying from. Show up with something of real value instead of another campaign, and it talks about you. I help you do that in a language the community actually respects.
Talk: Living with AD(H)D in infosec
I can be engaged to do a talk or join a panel on neurodiversity, inclusion and ADHD built on my own journey from being diagnosed at the age of 44 after a long career in infosec.
The talk will focus on my journey and my learnings, I can talk about being an employee and which challenges neurodiverse people usually have in the workplace, what employers should focus on to be more inclusive or whatever is important to you.
In my experience neurodiversity is very widespread in infosec and IT in general so when I do my talk in front of these audiences, it always sparks a lot of talks and personal stories. To me it’s important to educate and inspire. I’ve been so lucky to do this at several conferences around Europe and US where I’ve been invited to talk about this, a subject very dear to me.
Reach out if you’re interested in continuing the conversation.
Two decades as an Infosec Professional
I have spent two decades in infosec, and the same thing keeps proving true: security is a people problem long before it is a technical one. So I teach it the way people actually learn, through stories and games they take part in, not slides they sit through. Pragmatic, a little contrarian, and built on what works in the room.
How I Work
Incident response training: I run your team through a real incident as a game, ransomware and worse, so they practise the hard calls before they have to make them for real.
Community-centric marketing: I help you reach the infosec community by giving it real value, not by pointing another campaign at it.
Public speaking and workshops: I speak at conferences across Europe and the US, and I run workshops that get a room talking instead of nodding along.
Work Experience
Where I’ve Worked
Strategic security work across enterprises including Deloitte, KPMG, NCC Group, Pandora, NNIT and others.
What I’ve Built
Designed Malware & Monsters, a TTRPG-based incident response training game used at BSides conferences.
Co-founded KbhSEC, Copenhagen’s independent infosec practitioner community.
Security awareness programme at Pandora, multi-channel, risk-based, global workforce.
Co-founder and organiser of BSides København since 2019.
Bridged marketing, technology, and community as Head of Community at CrowdSec.
From the blog
Stop Running Boring Incident Response Tabletop Exercises
I have seen this scene too many times.A group of people in a meeting room. Coffee on the table. Laptops open. A slide deck on the screen. The title says something like Ransomware Scenario Q2.Someone from security reads the scenario. People nod. A few people answer...
Want commercial success in infosec? Stop doing marketing! (like everyone else)
In the rapidly evolving digital landscape, traditional marketing strategies no longer suffice in the InfoSec sector. This article explores a transformative approach based on deep community engagement, demonstrating how genuine support and understanding of the InfoSec...
Got problems attracting infosec talent? It’s time for your organization to learn geek!
Embracing the infosec community and people in it is important if you want to attract the talent you need. Learning to understand geeks and geek subculture is an important skill here. Read on and understand why both your HR and marketing departments need to learn geek....
Employer Branding: Why Anthropology matters in your efforts to hire cyber security talent
There’s a lack of talent in cybersecurity. Nobody seems to be able to hire enough qualified specialists. Nothing’s new in that. What’s really strange when speaking of this lack of talent is that no one seems to do anything about that and their situation. While you...