In this episode of Follow the Rabbit, host Kofi Osae-Attah is joined by Erlend Andreas Gjære, co-founder and CEO of Secure Practice. Together, they debunk the common misconception that "people are the weakest link." Erlend argues that, with the right focus, the human element can be an organization’s greatest asset. He believes this shift requires a change in focus from basic security awareness to true preparedness.

The conversation moves beyond traditional "checkbox" compliance to explore how storytelling and interactive exercises can foster genuine employee engagement. Erlend shares the fascinating story of a company summer party that was transformed by a high-stakes simulation. This example proves that a resilient security culture is built through shared experiences rather than dry e-learning modules.

Finally, they discuss the psychology of phishing and explain why the best technology investment can't replace human intuition. Understanding how our brains process urgency and fear enables leaders to build a culture of reporting and recovery that transforms potential disasters into minor footnotes.

1. People are the last line of defense. Calling employees the "weakest link" is a big mistake. When a user clicks a link, it is often the final step in a system-wide failure rather than an isolated human error.
2. Preparedness > Awareness: Knowing a policy and acting on it are not the same. Preparedness involves co-creating organizational resilience by practicing how the company would function during an incident.
3. The Psychology of the Click: Phishing exploits instinctive "System 1" thinking. Training should focus on helping employees "slow down" and engage in "System 2" thinking, or logical reasoning, when they feel an emotional trigger, such as urgency.
4. Culture is a Conversation: A strong security culture isn't just a poster on a wall. It’s measured by how frequently and comfortably security is discussed at all levels of the business.
5. The Business Case for People: It is often easier to buy a tool than to change a habit. However, the real business case for security lies in investing in people who understand the business processes they are protecting.

Why Listen?

If you want to transition your team from fear-based compliance to confidence-based preparedness, this conversation is essential. Erlend Andreas Gjære offers a refreshing, human-centric approach to modern cybersecurity leadership.

Don't forget to like, share, and subscribe to the Follow the Rabbit podcast! Join us as we explore the people and technology that protect the future of the internet.

You'll find Erlend on Linkedin.

Find more about Secure Practice here.

Erlend also founded She speakes Cyber.