IT Governance, a provider of products and services that strive to meet today’s evolving IT governance issues, recently conducted an interview with Kai Roer, author of the new book, “Build a Security Culture.” Roer’s responses are provided below.
1) Welcome Kai. Thanks for taking the time to talk to us. Why don’t we start with your recent book “Build a Security Culture.” Why did you want to write it?
I wanted to write this book because there are so many people and organizations who struggle with creating results from their security awareness work. You know, they keep hearing that the human is the weakest link and that they really must buy this or that product or training in order to “fix it.” The truth is that what most organizations who fail with their security awareness efforts need is not another training module or silver bullet. They need to change their approach to how they organize their work by defining clear metrics, involving the right people, and planning their actions. Writing this book allowed me to explain just how easy it can be when one follows something like the Security Culture Framework.
2) What is “security culture”?
It is defined in the book; a full chapter is dedicated to it! Jokes aside, security culture refers to the ideas, thoughts, and the social behavior of a group, or say a company, that keeps them free (or not) from threats and danger. Put differently, it is all those things we do that either put us at risk or mitigate that risk.
In the context of an organization, the point is to understand the current culture, how it may impact the threat levels, and what needs to be done in order to mitigate the risks. The good news is that culture is plastic, which means that we can both build and maintain the culture we want.
3) What aspects of your work do you particularly enjoy?
Not the writing! Writing is very hard for me; it drains my energy! What I enjoy is advising organization across a diversity of industries around the world. Helping them turn a chore into a functional security culture programme which delivers results. I also love being on a stage, talking about my passions – security culture, psychology and communication.
4) Where did you begin your career in IT?
With a computer, a long time ago.
5) If you could go back in time and meet yourself when you were at school, what advice would you give yourself?
I like the Nike slogan: Just Do It! Grab that opportunity you see, and go for it! The funny thing is that I have followed that advice most of my life – which in turn made me go places, see things, and meet people I would not have otherwise. I have learned so much over the years just by being curious and by not giving in to fear of the unknown.
6) How have you found publishing with ITGP?
It is always a pleasure publishing a new book, and working with ITGP was pleasurable, too. I would like to thank my editor Vicki for her extended patience with me. Thankfully, the ITGP team has been very good at handling me!
To find out more about our panel members visit the biographies page.