• Buy my latest book!

    In "Build a Security Culture" I explain what security culture is, how to build and maintain security culture, and how you can use the Security Culture Framework to plan, measure, organize and create results with your security awareness programs. The book is available in electronic formats as well as in print.
    You can buy the book on Amazon here: Buy now!
    Or directly from IT-Governance here.

Build a Security Culture – Now in a store near you!

My latest book, Build a Security Culture, is now available in a store near you – well, at least if you have access to the Internet, and reading this, I guess you have! The book is about building and maintaining security culture in organizations, and use the Security Culture Framework as a backdrop.

Here are a couple of pictures from the book – the first ever taken, as far as I know! Thanks for the pics, Thom!

Build a Security Culture Build a Security Culture cover

You can order the book at Amazon. I, obviously, think you should! It is also available in other stores, I am sure! You could also ask your local bookshop to put it on display – I would love that of course! Even better, take a picture of it, and post it on social media tagging me or #securityculture!

I also love to hear from you:

  • how do you use the book to build security culture?
  • what kind of goals do you use to measure your security culture progress?
  • who do you involve in your culture programmes?
  • what kind of activities do you find gives you the best results?

Share your thoughts below in the comments!

The process of building security culture

The Security Culture Campaign process

The Security Culture Framework (SCF), the open and free methodology, is a process of building security culture. It was created to help you organize your work with building and maintaining security culture. Using the principles found in process management, the SCF will enable you to document your progress, and create … Continue reading

Fluffy awareness, anyone?

Fluffy awareness – what exactly is that? And perhaps more important – is fluffy awareness something we want? Or even need? This was the main question discussed during the January 2015 episode of the live Security Culture Show I host together with the excellent Mo Amin.

You can watch the full 45 minute recording on Youtube, or also download the podcast at the Security Culture Framework site.

As always, we ramble on about security culture, awareness and related topics. And as always, we had a fantastic guest: Sarah Clarke, who happily shared her experiences and knowledge of creating awareness that makes a difference. We had loads of fun, discussing anything from Judo, sticks and fear, to agreeing on intrinsic motivation being a key element in building lasting change. We had more viewers than ever before, and questions and discussions where held in the comment area too! Make sure to check them out here!

We also gratulate Rowenna Fielding with winning a copy of my upcoming book “Build a Security Culture” – the book will ship mid March!

Do you want to watch us live? Next show is February 24th at 1800CET. Look for that Google Hangout-on-air invite!

Here is the full show:

The Security Culture Show – a review of 2014


Earlier this year, Mo Amin and I kicked off the Security Culture Show, a monthly Google Hangout on Air or a TV-show on your computer if you like. This December, it was time to review what we had done, and to meet with our guests again.

The Security Culture Show is a 45 minute show where we discuss security culture, security awareness and how to change behaviors with guests like J. Wolfgang Goerlich, Dr. Jane LeClair of the National Cybersecurity Institute, Rebecca Herold the Privacy Professor to name but a few.

The Guests


Although the general topic of the show is security culture, we find ourselves discussing anything from passwords to phishing, setting up and managing security programs, and how to tell stories in a way that relates to the audience.

Feedback about the show is great too:

Great content and very professionally made! Lars


Very insightful! Looking forward to your hangout session today too. Eli

We are the lucky ones, with actively participating viewers who ask us questions and give us feedback and direction. Thank you all for watching – live and recorded!

In the December show we had a special guest too: Santa Mo came by and offered to give away a copy of my upcoming book “Build a Security Culture” to one of our viewers, and in the November Show Rebecca Herold gave away one of her books too. Thank you! Perhaps we have more give-aways in the year to come too!

Santa Mo

Why should you check out the show? When you struggle with getting your security awareness programs right, the Security Culture Show is there to help. We focus on different topics and challenges of creating behavioral change, and use the Security Culture Framework as a base for structure. Our guests comes with line-of-fire experience they share. And both Mo and myself have long experience in building security culture.

You may also consider watching just for laughs – the show is live, and we do follow a quasi-script, but things happens, stuff breaks, and laughs are to be had. It´s only human, right?

Would you like to be a guest? Or do you know someone who should be? Let us know! Ping us on Twitter, G+ or your preferred tool. Do you have some awareness program challenges, questions or topics you would like us to dig into? Let us know! We will not even use your name unless you are ok with it!

Now, head on over to the Security Culture Show and have a serious laugh!

Spying in Norway: IMSI-catcher used to spy on the Parliament of Norway

Image: Aftenposten.no

Image: Aftenposten.noLast week in Norway, hell broke loose. Aftenposten, one of the major newspapers here, published a story of how Oslo were set up as a spy-hub where the cellular networks had been replaced by a hostile 3rd party. Someone are … Continue reading