CyberSecurity Leadership Summit logo

CyberSecurity Leadership Summit 2021

I will be speaking at this year’s KuppingerCole Cyber Security Leadership Summit, 9-11 November 2021 in Berlin. It is a great privilege and pleasure to be invited to participate in such a high calibre event. I have two items on the agenda:

From Burden to Benefit – How aligning on business purpose and objectives is critical to maximise the value of Security

In this presentation I will focus on how to position Security as a Business enabler, and how to align and cooperate with those corporate functions that are driving the Digital Transformation. This talk will draw strongly on research in the field of Organisational Leadership and how to apply it to the context of CyberSecurity and the Digital Transformation.

Wednesday, November 10, 2021 12:00 – 12:20

Between Sugarcoating and Scaremongering – How to Position Your Governance & Risk Management Programme

Panel Discission, together with Victoria van Roosmalen, CISO and DPO at Coosto, moderated by Warwick Ashford. We will be diving into whether it is better to down- or up-play the risks addressed and uncovered by a Governance & Risk Management Programme, and how to decide which approach to take. Further participants to be announced.

Wednesday, November 10, 2021 12:40 – 13:00

This will be the first in-person event for me in nearly two years, and I am really looking forward to it! The whole conference will be offered as a hybrid event, both for participation on-site in Berlin, and online for those that can’t make it.

Please do come and join us for this excellent event, either in person in Berlin, or online. For more details, visit the event website at

Managers: Asset Or Liability In Remote Work?

As if we hadn’t noticed it already, Coronavirus is acting like a magnifying glass and accelerator for topics that were already on the horizon before the pandemic hit. Managers that act as enablers and facilitators of their teams and team members were already being seen as an important part of high-performing organisations. In the context of remote work, they become essential for team performance.

The role of managers and clear rules of engagement: lessons from remote-first companies

Source: Managers: Asset Or Liability In Remote Work?

Cybersecurity Culture – What does it mean?

The term „Cybersecurity Culture“ appears to be very much en vogue at present. I have myself participated in several panel discussions over the last year that specifically addressed this topic. But what does it mean?

I have been mulling this over for quite some time now and would now like to ask you, dear reader, to reflect on my thoughts and provide feedback. Perhaps together we can come to a clearer picture of where we stand, anywhere we need to go next.

Today, Cybersecurity Culture is very much interpreted to be the art of getting our users/employees to act in a manner that is appropriate to an organisation‘s risk profile. This is done through training and tooling, to elicit the desired method of behaviour from the subjects, i.e. the users or employees. It is generally implemented as a Cybersecurity Awareness Programme, applicable to the general populace of the organisation.

But is that really a „culture“? And is it even the right approach?

I’ve been mulling over this topic for quite some time now and there are essentially two parts that I think need addressing:

  • First, the question is, is cyber security culture a separate topic, or does it need to be integrated in the overall culture of an organisation? In fact, should we rather be talking about a Cyber-Secure Organisation Culture, rather than an Organisation Cybersecurity Culture?
  • The second part is, whether this one-size-fits-all approach is the most efficient in achieving the organisations goals? Would it perhaps not be better, to have several sub-cultures within the organisation that then outlined the values, beliefs, and actions of different groups of people, e.g. managers, knowledge workers, developers, or front office staff?

I believe that there are still many aspects of this topic that can, and need, to be explored. This is what I will be focusing on in the next few articles. In doing so, I would like to reflect upon not just my own opinions, but also on those of the community in general.

So, dear reader, please share your views and opinions on this topic. The more views we have, the more we can reflect upon them in our discussions and in the articles to come. So please don’t hesitate in providing your own opinion on this topic in the comments below.

PrivSec Global March 2021 – Creating a Cyber Security Culture

I am happy to be joining Dan Raywood, Glen Hymers and Sithembile Songo in a panel discussion on “Creating a Cyber Security Culture” at PrivSec Global on 25 March 2021 at 13:30 GMT.

For this and many more high-calibre sessions on Privacy and Security, join us online at PrivSec Global on 23-25 March. Learn more and register for free here; #PrivSecGlobal

Oliver Carr at PrivSec March 2021

PrivSec Global March 2021

I am happy and honoured to be confirmed as part of the discussion panel on “Creating a Cyber Security Culture” at the PrivSec Global conference at 13:30 GMT on 25 March 2021.

The other members of the panel will be:

  • Dan Raywood – Cybersecurity and Privacy Journalist
  • Glen Hymers – Global CISO and Head of Data Protection, Save The Children International
  • Sithembile Songo – Head: Information Security and Risk Management, Public Investment Corporation

I’m really looking forward to a lively and diverse discussion and hope you will be able to join us too. To reserve your place, just go to