Discover how to design a security behavior and culture program that balances people, processes, and technology for long-term resilience.

Even experienced leaders can fall for phishing. Discover what CEO phishing attacks reveal about human psychology, why traditional training fails, and how smarter security tools help.

Small security awareness teams can do more with less. Learn practical ways to automate, gamify, and focus your awareness efforts for real cultural impact.

One yearly cyber attack simulation exercise won’t prepare your team. Learn how to balance ongoing security training with realistic exercises, and how to make both easier to plan and repeat.

Effective phishing defense starts with support, empathy, and tools that work for people. See how MailRisk bridges the gap between doubt and decision.

Discover simple, people-first steps to strengthen small business cyber security. Learn how tools like MailRisk, PrepJam, and Human Risk Metrics help your team handle phishing, rehearse incidents, and build safer habits.

Managers are the missing link in security culture. Explore Secure Practice’s playbook for cyber security training for managers, with practical steps and lessons.

Cybersecurity exercises help teams build muscle memory, so when the real threats come, people know how to respond. And just like everything worthwhile, they’re not easy to implement.

Most people don’t wake up thinking about cybersecurity. And even when they’re required to learn about it, they often forget what they’ve been taught the moment the training ends.

Are AI assistants reshaping security training? Learn why personalized, behavior-based coaching is the future of security awareness.

See how unlearning outdated habits and embracing the security training evolution helps you build a resilient, modern cybersecurity culture.

Can we achieve perfection for the launch? No. But let me share my thoughts on developing a product that will provide incredible value (and fun times) to our cybersecurity community.

Security culture isn’t instant. Learn how awareness automation can help, and where balancing effort, speed, and impact matters most.

Learn how to create security awareness content people want to read—with tips, examples, and 6 tools to get you started.

How to make a compelling case for security awareness training and show its ROI to management.

Why people tune out security awareness and what to do instead. Learn how to make training actually work by teaching it the way people learn best.

Is your incident preparedness plan failing? Explore the myths behind it and learn how real-world exercises can improve your team’s readiness.

It wasn’t exactly that we were actively looking for a new product to build, instead it was more a matter of inspiration, learning and a clear call to action. Our founder Erlend shares below why we’re putting so much effort into PrepJam right now.

How to use the Think, Feel, Say, Do framework to lead cybersecurity education with empathy and meet the emotional needs of your team.

Turn the human threat into strength. Strategies to secure your team without losing their trust.

Learn how human nature fuels cyber threats and discover strategies to turn it into your strongest defense.

Learn how embracing mistakes in cybersecurity boosts learning, improves processes, and engages colleagues. Don’t let fear of errors hold your team back.

You have done the preparedness exercise, and the head is full of thoughts and impressions. But what should you focus on when it comes to improving your cyber security resilience?

A preparedness exercise is a valuable opportunity to test your incident management plans and identify areas for improvement.

Performing a cyber exercise is a crucial step in ensuring that your organization can effectively respond to and recover from cyber threats. Here are some steps you can take to prepare for a cyber exercise.

Staying safe online has never been more important, both at work and in personal life. But people are different, both in their level of risk understanding, and also their personal interest in security. Therefore, our team is proud to present the biggest update to our security awareness, training and culture platform so far.

Privacy by design is a fundamental aspect of services offered by Secure Practice, including our data-driven tools for measuring and managing human cyber risk in organizations.

When the MailRisk button suddenly appears in the Outlook app for your colleagues, it is important to tell them what this shiny new button is all about. Here is a suggested way to go forward.

How do you prepare the most effective phishing email to serve the goal of your exercise? In the third part of this series on simulated phishing, we describe various approaches to designing phishing content.

How do you prepare an organization for you to try and trick them? In the second part of this series on simulated phishing, we provide the outline for a communications plan.

Is it okay to trick your own colleagues? With simulated phishing, this is precisely what we do, when sending employees fake emails to increase their cyber awareness.

To stay safe online, people need to care more about the security decisions they face every day. But unless the obvious gains obviously exceed the required effort, change is often avoided.

Have you ever received an email and wondered if it could be dangerous? It is definitely a good idea to report the suspicious email to IT, but the usefulness of your reporting increases if you are able to analyze the email headers.

Does your website allow the forwarding of end-users to URLs provided as a user-provided URL parameter? If so, it may potentially be abused in phishing campaigns, along with your web domain reputation.

What do emotions and empathy have to do with digital security? Can job satisfaction increase password quality? See the talk on what scientific research on these matters.

It was a great pleasure for us to receive the Outstanding Security Performance Award (OSPA) at the Norwegian Business and Industry Security Council (NSR) security conference.

The email has invites@microsoft.com as sender, and every technical investigation (both SPF, DKIM and DMARC) shows that the email itself has indeed been sent from Microsoft.

Email was never designed to be safe, but protocol additions like SPF have improved our ability to detect spoofed senders. We have discovered a trend in forging the Return-Path header, which SPF does not deal with on its own.

Are you working on security requirements in software development, test or procurement? There is no need to re-invent the wheel. See the talk on how OWASP Application Security Verification Standard (ASVS) can help.

Are you assessing whether simulated phishing may be a good thing to do in your company? See this video for useful steps and input to prepare and launch your own internal phishing campaign.