Cybersecurity training and consulting that builds real security instinct

EXPOSURE: The board game that builds security instincts in management

Turn a 60-minute session into a lasting shift in how your leadership team thinks about security risk. No technical knowledge required. Built around NIS2 Article 21(2)(g).

I can help you with a different take on your cyber security marketing

You want to do it differently. But how? I have a simple suggestion: address the cyber security community; a powerful but often overlooked marketing channel. Doing so both requires understanding of the target group and the ability to get ideas no one else does. I can assist you with both.

NIS2, DORA and the CRA make security a board problem

The new EU rules do not ask you to be aware of cyber risk. They ask your board and your team to make the decisions, test the plan, and prove it. I run games that build exactly that, mapped to NIS2, DORA and the CRA.

Explore the powers of game-based learning

People do not build security instinct by being lectured at. They build it by making decisions and living with what happens next. That is what a game does. It turns a topic people would normally sit through into something they actually do, argue about, and remember afterwards. The engagement is nice. The part that matters is that it sticks.

Contact me if you need my help in any of the following areas:

Community Marketing

The infosec community decides who is worth working for and worth buying from. Show up with something of real value instead of another campaign, and it talks about you. I help you do that in a language the community actually respects.

&

Gamified Incident Response training

Most incident response plans have never met a room full of people under pressure. I run the incident as a game, so your team makes the calls, finds the gaps, and learns how each other actually behaves before a real incident does it for them.

&

Talk: Living with AD(H)D in infosec

I can be engaged to do a talk or join a panel on neurodiversity, inclusion and ADHD built on my own journey from being diagnosed at the age of 44 after a long career in infosec.

The talk will focus on my journey and my learnings, I can talk about being an employee and which challenges neurodiverse people usually have in the workplace, what employers should focus on to be more inclusive or whatever is important to you.

In my experience neurodiversity is very widespread in infosec and IT in general so when I do my talk in front of these audiences, it always sparks a lot of talks and personal stories. To me it’s important to educate and inspire. I’ve been so lucky to do this at several conferences around Europe and US where I’ve been invited to talk about this, a subject very dear to me.

Reach out if you’re interested in continuing the conversation.

 

Two decades as an Infosec Professional

I have spent two decades in infosec, and the same thing keeps proving true: security is a people problem long before it is a technical one. So I teach it the way people actually learn, through stories and games they take part in, not slides they sit through. Pragmatic, a little contrarian, and built on what works in the room.

How I Work

5

Incident response training: I run your team through a real incident as a game, ransomware and worse, so they practise the hard calls before they have to make them for real.

5

Community-centric marketing: I help you reach the infosec community by giving it real value, not by pointing another campaign at it.

5

Public speaking and workshops: I speak at conferences across Europe and the US, and I run workshops that get a room talking instead of nodding along.

Work Experience

Where I’ve Worked

Strategic security work across enterprises including Deloitte, KPMG, NCC Group, Pandora, NNIT and others.

What I’ve Built

5

Designed Malware & Monsters, a TTRPG-based incident response training game used at BSides conferences.

5

Co-founded KbhSEC, Copenhagen’s independent infosec practitioner community.

5

Security awareness programme at Pandora, multi-channel, risk-based, global workforce.

5

Co-founder and organiser of BSides København since 2019.

5

Bridged marketing, technology, and community as Head of Community at CrowdSec.

From the blog

Stop Running Boring Incident Response Tabletop Exercises

Stop Running Boring Incident Response Tabletop Exercises

I have seen this scene too many times.A group of people in a meeting room. Coffee on the table. Laptops open. A slide deck on the screen. The title says something like Ransomware Scenario Q2.Someone from security reads the scenario. People nod. A few people answer...

No cookies here

Notice there’s no cookie banner here.
That’s intentional and the site is still GDPR-compliant. I chose to avoid cookies and stick to basic, privacy-friendly stats.
My analytics are cookieless: self-hosted Plausible (EU) and PostHog in cookieless mode, with your IP anonymized. No cross-site tracking, nothing that identifies you.
The one cookie I can set does the opposite of every other cookie: it tells my stats to ignore you completely, and you only get it if you ask.

Everybody wins.