Culture & the Human OS: Your Invisible Security Control
When most organizations talk about “culture,” it can feel abstract: values on a wall, slogans in the all-hands deck, a paragraph in the annual report.
4 min read
NCSC Cyber Culture Principle 3: Learning From Cyber Incidents
This is a quick deep dive into one of the NCSC cyber security culture principles, designed to help you understand what it actually means in...
2 min read
Tailgating at Heathrow: What Physical Security Failures Teach Us About Human Risk and Cybersecurity
I’ve travelled through Heathrow more times than I care to remember. The queues. The repeated checks. The belt removals. The very thorough screening.
4 min read
Malicious Insiders in an AI-Enabled World
“Insider threat” isn’t new. But AI changes what insiders—especially malicious ones—can do.
1 min read
Shadow AI and AI Workforce Risk
If you don’t give people clear, usable, safe ways to use AI at work, they will create their own. That’s Shadow AI.
1 min read
NCSC Cyber Culture Principle 2: Creating a Safe, No-Blame Reporting Culture
This is a quick deep dive into one of the NCSC cyber security culture principles, designed to help you understand what it actually means in plain...
2 min read
Modern Human Risk Management Programs: Beyond Awareness Training for an AI Enabled Future
For years, “managing human risk” usually meant:train people once a year, run phishing simulations, track click rates, repeat.
1 min read
NCSC Cyber Culture Principle 1: Turning Security Into a Business Enabler
This is a quick deep dive into one of the NCSC cyber security culture principles, designed to help you understand what it actually means, why it...
2 min read
How AI and Cyber Culture Collide: Human Risk in the Age of GenAI
GenAI showed up in most organizations the way shadow IT did: not with a carefully planned rollout, but with a link in a chat.
7 min read
What Is Cognitive Operations? The Human Competency for Safe AI
We’ve spent years building IT operations, security operations and now AI operations. But there’s a missing layer: the operational capability that...
1 min read