The Praxis Practice Blog

Insights on security culture, human factors in cybersecurity, and building resilient organizations.

Your Board Does Not Speak Firewall: How to Report Human Security Risk in Their Language
· Kai Roer

Your Board Does Not Speak Firewall: How to Report Human Security Risk in Their Language

Your CFO does not need a firewall log. Your auditor does not need a phishing dashboard. Stakeholder Brief auto-generates reports in each audience's language.

Are You Getting More Secure — Or Just Hoping? How Internal Baselines Replace Industry Guesswork
· Kai Roer

Are You Getting More Secure — Or Just Hoping? How Internal Baselines Replace Industry Guesswork

Generic industry benchmarks do not tell you if your organization is improving. Risk Bearing builds rolling baselines from your own Microsoft 365 data — from day one.

What Are Your Employees Actually Doing? (The Security Data Microsoft 365 Hides in Plain Sight)
· Kai Roer

What Are Your Employees Actually Doing? (The Security Data Microsoft 365 Hides in Plain Sight)

Your Microsoft 365 environment holds months of employee security behavior data you have never seen. Employee Pulse surfaces it in 15 minutes — no setup meetings required.

On Measuring the Unmeasurable
· Thea Mannix

On Measuring the Unmeasurable

Security culture is a theoretical metaphor that we can measure as others.

Meaningful Metrics: The Case for Switch Cost
· Thea Mannix

Meaningful Metrics: The Case for Switch Cost

Resilience in cybersecurity is about meaningful metrics, such as switch cost in cybersecurity.

The Internet is a dark room. Your brain thinks the lights are on.
· Thea Mannix

The Internet is a dark room. Your brain thinks the lights are on.

How can you tell when someone is lying to you? Most of our defenses against social threats are disabled in digital environments. Worse, we don't realize.

Meaningful Baselines for Human Factors: Here's How To Do It
· Kai Roer

Meaningful Baselines for Human Factors: Here's How To Do It

The most important reason for a baseline is to be able to know that what you do is the right thing to do in human risk management cybersecurity.

The Problem with Awareness Training Best Practices - and How We Can Fix It
· Kai Roer

The Problem with Awareness Training Best Practices - and How We Can Fix It

Security awareness training best practices are not working because they provide a one size fits all approach, which is damaging to security culture.

Words Matter: Why Human Risk Management is More Than Just a Term
· Thea Mannix

Words Matter: Why Human Risk Management is More Than Just a Term

It is important to shift from using the term security awareness to human risk management to adapt to the growing complexity in cybersecurity.

The Emotional Reality of the Digital World
· Thea Mannix

The Emotional Reality of the Digital World

Empathy is key in cybersecurity, and we must remember that digital events have real world consequences.