You're not a Kinderkarten teacher, you're an infosec professional

You’re an InfoSec Professional Not a Kinderkarten Teacher

Every minute you spend chasing other people for security work is a minute stolen from actual security work.

Image of a bored corporate employee head on the table holding a coffee cup.

How To Do Policy Training Better

Because nobody learns from a snoozefest. List of actionable small adjustments to make your trainings less boring.

19 essential KPIs to track your information security program's effectiveness

19 Essential KPIs to Track Your ISMS’s Effectiveness

List of universal KPIs and metrics to measure the progress and effectiveness of any information security management program.

GRC KPIs Checklist

GRC Metrics & KPIs Checklist with Example KPIs

Checklist for choosing KPIs for GRC program with Example KPIs

Risk Management Fail: Mixing Causes with the Risk Itself

People often mix up the risk itself with its potential cause or mitigation. This mistake can significantly impact how risks are understood and managed.

Illustration of a farm together with the post title

NIS 2 Just Came Out But We Already Know What NIS 3 Will Bring

In 7-8 years, my dad’s dairy farm and other “normal” non-techy companies will need to have formal information security programs. Here’s why: The World Economic Forum (WEF) has been publishing their Cybersecurity Outlook reports since 2022. In the latest 2025

Company

Follow Us