We invest hours analyzing a security risk, and that effort makes us overvalue the recommendation. An executive who hasn't shared that analysis weighs the same risk differently, and they might be right.

https://zeltser.com/rejected-security-recommendations

#cybersecurity #securityleadership #CISO #infosec

When Executives Reject Your Security Recommendation

A rejected security recommendation feels personal, but it often reflects competing demands the security team doesn't fully see. Knowing how to act on that reality helps the CISO become someone the business trusts with its priorities.

Lenny Zeltser

As we automate more security work, stakeholders trust what they can see. Making them feel secure is as much our job as making them secure.

https://zeltser.com/importance-of-feeling-secure

#cybersecurity #infosec #securityleadership

The Importance of Feeling Secure

Security teams that focus only on being secure, without making protections visible, risk losing stakeholder confidence. Nobody trusts what they can't see, whether that's automated defenses, AI-driven tools, or competent but quiet leadership.

Lenny Zeltser

When DevOps overwhelmed security reviews, the same velocity let teams patch in minutes instead of waiting for quarterly releases. Vibe coding by non-developers is the next shift where that speed works in our favor.

https://zeltser.com/security-governance-vibe-coding

#cybersecurity #infosec #securityleadership #AI

Security Governance at the Speed of Vibe Coding

Employees who've never written code now build production apps using AI, without security review, dependency scanning, or enterprise oversight. The SaaS and DevOps transitions give security teams a starting governance approach for this.

Lenny Zeltser

Turn your team into threat hunters, one dice roll at a time 💥

🎲 DUNGEONS & DRAGONS: THE SECURITY POWER TOOL YOU DIDN'T KNOW YOU NEEDED - Klaus Agnoletti ( @klausagnoletti ) & Glen Sorensen 🛡️

Roleplaying isn't just for nerds, it's a proven method for building real security muscle. This talk reveals how structured tabletop roleplaying games unlock deeper learning, improve team cohesion, and turn abstract security concepts into lived experience. By simulating incident response, threat modeling, and zero-trust design through narrative-driven play, teams develop adaptive thinking, shared mental models, and faster decision-making under pressure.

Klaus Agnoletti https://www.linkedin.com/in/agnoletti/ is a freelance storytelling cyber security advisor, co-founder of BSides København, neurodiversity advocate, and architect of playful security transformation through narrative and gamification.

Glen Sorensen https://pretalx.com/bsidesluxembourg-2026/speaker/J3PRCC/ is a Solutions Engineer at DeleteMe, former vCISO, and incident master for HackBack Gaming. 20+ years in security engineering, GRC, and operations. Passionate about OSINT, AI-powered social engineering, and using tabletop games to train real-world response.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #GamifiedSecurity #CyberTraining #IncidentResponse #RolePlaying #SecurityLeadership #InfosecEducation #PlayToLearn

We adapted security governance to SaaS adoption and DevOps velocity. Vibe coding by non-developers is the next comparable shift, and those transitions give us a starting approach, even though the timeline is shorter.

https://zeltser.com/security-governance-vibe-coding

#cybersecurity #infosec #securityleadership #AI

Just Announced for BSides Luxembourg 2026!
๐—ž๐—˜๐—ฌ๐—ก๐—ข๐—ง๐—˜: ๐—œ๐——๐—˜๐—ก๐—ง๐—œ๐—ง๐—ฌ ๐—ฆ๐—˜๐—–๐—จ๐—ฅ๐—œ๐—ง๐—ฌ ๐—๐—จ๐—ฆ๐—ง ๐—˜๐—ซ๐—ฃ๐—Ÿ๐—ข๐——๐—˜๐—— - Wendy Nather (@wendynather )

As identity ecosystems evolve, some challenges never quite get solved—delegation being one of them. But now, the stakes are higher than ever. With the rapid rise of non-human identities that don't fit traditional system or application roles, organizations are facing a new layer of complexity. Even if you're not actively using these "agents" yet, they're already becoming part of the broader digital environment. The question is no longer if—but how you'll manage them. It's time to start making deliberate decisions about identity, access, and control in this expanding landscape.

Wendy Nather ( @wendynather ) is a strategist, research director, and former CISO with over 40 years of experience in IT operations and security. Her expertise includes identity and access management, threat intelligence, risk analysis, and security operations, shaped by leadership roles in financial services, government, and industry research.
📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #IdentityManagement #CyberSecurity #IAM #DigitalIdentity #SecurityLeadership

Vendor evaluations are broken.

Why don't we get to choose who we talk to? SageTap fixes one part of it: async vendor browsing, you apply for calls, 30-60 min, anonymous, paid. Not retire-early money, but a decent dinner. You decide at the end whether to reveal yourself.

And if the meetings aren't free, they're not for nothing.

Referral link (I get a credit if you sign up and complete your first vendor call): https://sagetap.cello.so/rSvWkKHVAIx

#CISO #SecurityLeadership

Sagetap | You're Invited

Join Sagetap's community of tech leaders to anonymously match and meet with the industry's most credible technology vendors. No spam or unwanted follow-ups.

Every organization has a "Mike."

The one who knows how everything works.

That's not a strength. That's a risk.

New article: When Security Architecture Depends on Tribal Knowledge

https://jimguckin.com/2026/03/19/when-security-architecture-depends-on-tribal-knowledge/

#CyberSecurity #SecurityArchitecture #InfoSec #SecurityLeadership