re:invent security

In this episode of re:invent security, hosts Jeroen Prinse and Irfaan Santoe sit down with Kay Behnke, CISO at Genmab. Kay has built security organizations in three very different global companies: NXP, FrieslandCampina, and Genmab. Spanning tech, food, and life sciences. Drawing from more than 20 years of experience, he reflects on how building a security team has evolved over time and what’s stayed the same.Together, they unpack what it really takes to design security functions that scale, how to balance culture and compliance across geographies, and the hard lessons learned from doing it three times.Whether you’re starting your first security organization or rethinking a mature one, this candid conversation offers timeless insights into the craft of building teams that endure and adapt. Tune in and ask yourself: What will you do differently tomorrow?Chapters:00:00 - 00:47 - Intro snippets00:48 - 02:59 – Introduction of the episode and Kay03:00 - 07:38 – How has Kay seen the reinvention of security during two decades?07:39 - 11:27 – What was it like building a security organization two decades ago?11:28 - 14:37 – What is the difference in building security organizations in three different industries?14:38 - 17:48 – What is one thing you would recommend doing when changing industries?17:49 - 21:15 – How did company culture Kay’s security approach?21:16 - 24:43 – Is local presence needed for execution on the security program?24:44 - 30:22 – What is the first role or capability you would start with?30:23 - 33:58 — A security leader should listen to the needs of others33:59 - 37:53 – How did the way boards act in the last 20 years?37:54 - 41:08 – You need to understand the business and its processes.41:09 - 46:03 – Key takeaways Irfaan and Jeroen46:04 - 47:03 - OutroResources & Mentions:CISO Mind Map - https://rafeeqrehman.com/wp-content/uploads/2025/03/CISO_MindMap_2025.pdfDaniel Pink 'Drive' - Dan Pink is one of my favorite authors who pushes you to look into the mirror;this is a book that you wanted to read at the begin of your careerPeter Hinssen 'The Uncertainty Principle' - another favorite author of me; there are severalkeynotes on YouTube (he probably holds the world record in slides per minute) and well known by"The New Normal" this book is about the future and how we can and need to deal with uncertaintyand disruptionDaniel Kahneman 'Thinking Fast and Slow' - for everyone who is building a security awarenesscampaign a MUST readAndrej Karpathy 'Deep Dive into LLMs like ChatGPT' - if you have time then you should watch thisvideo since it provides you surprising insights about how LLM models workGraham Cluley 'Smashing Security' - finally s.th. about information securty; the weekly podcast forthe lunch walk with your dogConnect with Kay: https://www.linkedin.com/in/kbehnke/Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/

In this episode of re-invent security, we sit down with Patric Versteeg, European CISO of the Year 2024, to unpack the “inner game” of cybersecurity leadership. Patric argues that real change isn’t about putting on a new mask—it’s about returning to your core values and installing “compensating controls” for your own behaviors under stress. From building mixed, high-trust teams to shaping board-level narratives that actually land, he shares pragmatic tools you can use tomorrow.You’ll hear how Patric:- Builds resilient teams using a diverse mix of working styles (not clones), clear outcomes over micromanagement, and a “beekeeper” approach that lets experts do their best work.- Protects team energy by addressing brilliant-but-low-trust outliers—even when they’re top individual performers.- Wins the boardroom without needing a board seat, by fitting the message to culture: financial exposure, reputational stakes, or license-to-operate.- Quantifies risk simply (people × internal hourly rate × downtime days) to make funding decisions straightforward.- Manages himself in a crisis, using quick breathing resets when meditation isn’t practical, and embracing mentors/coaches for sustained growth.- Frames board reporting around three questions: Are we compliant? Are we at risk? Did we have any material breaches?—and shows risk trends visually over time.Chapters:00:00 - 02:55 Introduction 02:56 - 05:34 The "Inner Game" of Leadership05:35 - 13:32 The Definition of Personal Leadership in Cyber Security13:33 -15:54 Building the Right Team: Diversity is Key15:55 - 19:05 Leadership Style: Trust and Result-Oriented19:06 - 25:54 The "Beekeeper" Philosophy and Hiring Smarter People25:55 - 26:56 Definition of a "High-Performance Team"26:57 - 31:16 Boardroom Communication: From Fear-Mongering to Business Risk31:17 - 39:51 What the Board Truly Wants to Know (3 Core Questions)39:52 - 41:10 Cybersecurity as a Feeling: The Human Connection41:11 - 46:20 Advice for Aspiring CISOs & Leadership Development46:21 - 52:01 Wrap-upResources & Mentions:Book: True North — Bill George https://billgeorge.org/book/true-north/Book: Surrounded by Idiots — Thomas Erikson (red/yellow/blue/green styles)Metaphor/Book (Dutch): De Bijherder (The Beekeeper)Community: NextGen CISO Network (mentoring/coaching): https://nextgenciso.nl/Home/Inspiration: Man in the Mirror — Michael Jackson (self-reflection theme)Thinkers: Simon Sinek; Brené Brown (trust, courage, vulnerability)Practice: Visual risk-trend infographics for board updates (quarterly)Connect with Patric: https://www.linkedin.com/in/pjmversteeg/ Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/

In this episode of re:invent security, hosts Jeroen Prinse and Irfaan Santoe sit down with two cybersecurity leaders tackling the talent gap from opposite directions. Laurens Jagt, founder of Cyber Security District, is building one of Europe’s most vibrant security communities—mentoring and guiding professionals at every stage of their career. Medea de Jong, Global CISO at Sonepar, brings the inside view of what it takes to lead, grow, and keep effective security teams in highly regulated industries.Together, they explore what’s broken in how we hire, why job descriptions miss the mark, how to spot hidden talent, and what it really takes to build security teams that stick. Whether you’re building your first team or reshaping a mature one, this candid conversation is packed with insights you can act on tomorrow.Tune in and ask yourself: What will you do differently tomorrow?Chapters:00:00 - 03:33 - Introduction03:33 - 07:09 - How do Medea and Laurens see reinventing the field?07:10 - 08:22 - Are soft skills more important then certificates?08:23 - 10:07 - What is more difficult: finding or retaining talent?10:08 - 19:01 - What is the new generation looking for?19:02 - 24:46 - Should we take more risk on new or transitioning talent?24:45 - 31:04 - What is going wrong with our job descriptions?31:05 - 34:49 - Should development be driven by the organization or the professional?34:50 - 43:19 - Talking to the board on team development43:20 - 45:21 - What’s one example of a development program that works?45:22 - 47:52 - Are we looking for talent in the right places?47:53 - 51:14 - What makes a transition into the cyber security field work?51:15 - 53:56 - Building a brand new security team53:57 - 58:09 - Key take aways Irfaan and Jeroen58:10- 59:45 - OutroResources:1. TierPoint – Building Your Cybersecurity Team (2025)Link: https://www.tierpoint.com/blog/cybersecurity-teamA practical guide for building an effective cybersecurity team, covering roles, strategies, and policy foundations. Ideal for modern organizations aiming to be scalable and agile.2. TechTarget – Maximize Business Impact with the Right Security TeamLink: https://www.techtarget.com/searchsecurity/tip/How-to-build-a-cybersecurity-team-to-maximize-business-impactThis article explores how the right team structure directly influences risk reduction, operational efficiency, and talent retention. Especially relevant for security leaders and HR decision-makers.3. Airiam – 14 Strategies for Building Cyber-Resilient TeamsLink: https://airiam.com/blog/building-cyber-resilient-teamsA clear and actionable blog post offering 14 strategies to enhance team culture, training, and awareness within cybersecurity teams. Useful for leaders looking to strengthen team dynamics.4. ISACA - State of Cybersecurity 2024 reportLink: https://www.isaca.org/resources/reports/state-of-cybersecurity-2024Connect with Media: https://www.linkedin.com/in/medea-de-jong-aa1b771/Connect with Laurens: https://www.linkedin.com/in/laurensjagt/ Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/

In this episode of re:invent security, we sit down with Arnaud Wiehe (Managing Director of Information Security at FedEx) and Tiago Teles (Head of Advanced Analytics & AI at ABN AMRO), co-authors of Emerging Tech, Emerging Threats, to explore what it truly means to lead in cybersecurity amid accelerating innovation.From the explosive rise of GenAI and deepfakes to third-party risk at scale and secure-by-design realities—this conversation unpacks the practical and philosophical shifts modern CISOs must embrace. Arnaud and Tiago reflect on the evolving role of the security leader: no longer the “department of no,” but a proactive enabler of innovation.We cover the threats shaping today’s landscape, including AI-generated phishing, insider risks, and automation-driven attacks—and how data quality, awareness, and defense-in-depth are now non-negotiable. Equally, we explore how security professionals must stay ahead not by fearing technology, but by experimenting with it—even when it might not succeed.Whether you're a seasoned security executive or an aspiring leader, this is a must-listen conversation about redefining relevance, staying ahead of risk, and embracing the future before it embraces you. Tune in and ask yourself: how are you staying curious?Chapters:00:00 – 04:11 - Intro, Meet the Guests & Why This Topic Matters04:12 – 08:39 - Writing the Book: Reinvention, Mindset, and Co-Authoring08:40 – 15:04 - The Speed of Innovation: Why CISOs Must Stay Ahead of Tech15:05 – 22:04 - From “Department of No” to Tech Enabler22:03 – 28:04 - AI, Data & Security: Practical Use Cases that Work Today28:05 – 33:52 - The Curious CISO: A New Model for Leadership33:53 – 44:32 - Security by Design: The Real-World Playbook44:33 – 53:43 - The Threats Are Here: Deepfakes, AI-Phishing & What's Next53:44 – 58:32 - Final Takeaways & Challenge to Security LeadersResources:* The Future Is Faster Than You Think: How Converging Technologies Are Disrupting Business, Industries, and Our Lives by Peter H. Diamandis, Steven Kotler, et al.Connect with Arnaud: https://www.linkedin.com/in/arnaudwiehe/Connect with Tiago: https://www.linkedin.com/in/tiagoteles/Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/

In this episode of re:invent security, we sit down with Petra Oldengarm, Director of Cyberveilig Nederland (CVN), to explore the real meaning of digital sovereignty—and why it’s more than just a political slogan. Petra takes us deep into the practical challenges and strategic decisions that come with reducing digital dependencies. From procurement strategies and fallback systems to encryption standards and talent development, this conversation unpacks what sovereignty can look like—without chasing unrealistic dreams of full independence. We also tackle the CISO’s role in influencing vendor choices, the myth of total control, and how European regulation (like NIS2) might help—but won’t solve everything. Whether you're in the public sector, critical infrastructure, or private enterprise, this episode is a must-listen for security leaders trying to navigate geopolitical complexity without losing sight of operationalChapters:00:00 - 1:44 - Teasers1:45 - 4:44 - Introduction of the episode and Petra Oldengarm04:45 - 08:03 - Reinventing security with private public collaboration (project Melissa)08:04 - 09:43 - What are the biggest challenges that security leaders have regarding DigitalSovereignty?09:44 - 10:43 - Outsourcing is a strategic choice increasing dependencies10:44 - 12:40- How can security leaders influence outsourcing decisions?12:41 - 15:01 - Diversifying the vendor landscape is nog a security problem but a board problem15:02 - 18:40 - Waiting for a European solution is not a strategy18:41 - 21:15 - European legislation to improve digital autonomy21:16 - 25:50 - European alternatives requires a broad long term governmental strategy25:51 - 27:30 - Strategies to increase your sovereignty today27:31 - 31:50 - Decreased risk is your Return on Investment31:51 - 36:57 - What is the role of the government and the European Union to make sure leadersdiversify?36:58 - 38:00 - You need to shift business continuity to the left38:01 - 42:36 - Encryption is part of the solution40:52 - 45:51 - What legislation is in the pipeline? (Omwille van de lengte mag deze er uit)42:37 - 46:20 - Addressing the talent gap is a make or break for digital sovereignty?46:21 - 49:40 - Petra’s advice: where do leaders start?49:41 - 55:20 - Wrapping Up + Key take awaysResources & Mentions:Position Paper Cyberveilig Nederland on Digital Sovereignty: https://cyberveilignederland.nl/upload/userfiles/images/news/Position%20paper%20CVNL%20t_b_v_%20rondetafelgesprek%20Digitale%20soevereiniteit%20bij%20de%20Rijksoverheid%20d_d_%2013%20februari%202025%20(1).pdfArticle in the FD about dependencies in our digital autonomy: https://fd.nl/tech-en-innovatie/1549612/datacenters-worden-steeds-groter-maar-de-financiering-groeit-niet-meeConnect with Petra: https://www.linkedin.com/in/petraoldengarm/Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/

In this episode of Reinvent Security, we dive into the world of cybersecurity innovation with Sri Manda, the Chief Security and Trust Officer at Peloton. Sri brings a unique perspective—he’s not only a seasoned security leader in e-commerce, content creation, and IoT manufacturing, but also an active advisor to cybersecurity startups, venture capital, and private equity.In our conversation, Sri shares why modern CISOs must wear multiple hats: part technologist, part risk manager, part business strategist, and part mentor. He details how he distinguishes genuine innovation from marketing hype, how to set up effective proof-of- concept criteria to evaluate emerging solutions, and why he believes in building “incubation labs” inside the enterprise.Key highlights include: From Reactive to Proactive: Sri’s personal stories on why cybersecurity must move beyond mere compliance toward enabling secure, fast-paced innovation. Startup-Enterprise Partnership: Criteria and red flags for CISOs looking to leverage new market entrants, plus how entrepreneurs can refine their pitch. Reinventing the CISO Role: The shift from gatekeeper to strategic leader—communicating in business terms, fostering a culture of collaboration, and building resilience. Future-Facing Tech: How AI, automation, and next-gen computing are shaping tomorrow’s security tools, and what Peloton is doing to stay ahead.If you’re ready to explore the cutting edge of cybersecurity—balancing bold new ideas with enterprise-grade governance—this episode is for you. Sri’s real-world experiences, from forging deeper connections with startups to bridging business objectives and risk management, offer a blueprint for CISOs everywhere.Chapters:Resources & Mentions: Peloton’s multifaceted business model: Content, IoT, e-commerce, and apps. The value of an MBA for cybersecurity leaders: bridging financials and technology. Incubation labs: a practical approach to vet, test, and adopt innovative solutions. Book Recommendation: Having Effective Conversations (for tough stakeholderdiscussions).Connect with Sri: https://www.linkedin.com/in/srimanda/Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Join hosts Jeroen Prinse and Irfaan Santoe in this episode of re:invent security as they sit down with Esther Schagen-van Luit to explore what it truly means to be a Strategic CISO in today’s security landscape. Esther is a well-known cybersecurity leader and advocate for Diversity, Equity, and Inclusion. With years of experience advising and working alongside CISOs across various sectors, she brings a sharp, candid perspective on the disconnect between tactical security operations and the strategic needs of modern organizations. In this episode, Esther unpacks:• The common traps that keep CISOs stuck in operational mode• What separates a strategic CISO from the rest—mindset, skillset, and influence• How organizational readiness (or lack thereof) impacts a CISO’s ability to lead at the strategic level• Why aligning security with digital transformation is non-negotiable• And how DEI plays a real role in shaping stronger, smarter security leadership Esther doesn’t just talk about the role of the CISO—she challenges the assumptions around it. She shares what it takes to grow into strategic leadership, even in environments that aren’t quite ready for it, and why security professionals must be ready to challenge how value is measured and communicated. Known for her clear thinking and no-nonsense delivery, Esther reminds us that strategy isn’t about sitting at the executive table—it’s about speaking the language of the business and helping shape its future. Whether you’re a current CISO, an aspiring one, or someone who works closely with security leadership, this episode offers a grounded, honest look at the evolution of the role—and how to push it forward.Chapters:00:00 - 04:09 - Introduction of the episode and Esther Schagen van Luit 4:10 - 07:32 Reinventing security and being a driving force for good.07:33 - 9:32 What are the key differences between an operational, tactical and strategical CISO?09:33 - 12:15 What are operational and tactical CISO's lacking?12:16 - 14:20 Strategic security visions requires curiosity14:21 - 15:56 What is holding organizations back to embrace a strategical CISO?15:57 - 19:33 - What are the most important skills to become a strategical security leader?19:34 - 22:07 Example of a security leader who was successfull in aligning business objectives and security strategy22:08 - 25:00 Don't sell winter coats in the summer25:01 - 26:42 The difference between regulated and unregulated organizations26:43 - 33:21 What are the tell tale signs that an organizations is not ready for a strategical CISO?33:22 - 42:00 What are some practical/high impact steps to create high performing security teams?42:01 - 43:00 What is the one piece of advise you would like to give security leaders?43:01 - 46:28 What resources does Esther recommend to level up strategic thinking?46:29 - 52:21 Key take aways Irfaan and JeroenResources:Connect with Esther: https://www.linkedin.com/in/estherschagenvanluit/ Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedListen on:Spotify: https://ap.lc/SzTrYApple Podcasts: https://ap.lc/HmXhfFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/

In this episode, we talk with Carlo Alexander Schreurs, CISO of FrieslandCampina, about his journey of reinvention after surgery and his transition into a transformational CISO role. He advocates for moving from rigid "zero trust" to a more flexible "adaptive trust" model, better suited to digital transformation. Carlo emphasizes cultural shifts in cybersecurity, highlighting storytelling, collaboration, and psychological safety to build trust and resilience. He also stresses integrating cybersecurity with business goals, going beyond compliance to drive innovation. The episode wraps up with practical advice for CISOs on staying agile in a fast-changing landscape.Chapters:00:00 - 03:14 Introduction of the episode03:15 - 06:26 Carlo reinventing himself 06:27 - 09:36 Reimagining Traditional Security09:37 - 14:16 The Drama Triangle vs. The Winner's Triangle 14:16 - 17:41 From Zero Trust to Digital/Adaptive Trust 17:42 - 23:00 The Role of Trust and Loyalty 23:01 - 26:15 The CISO as Storyteller 26:16 - 32:55 Shifting from Risk Avoidance to Value Creation 32:56 - 43:45 Human Factors and Behavioral Insights 43:46 - 45:44 Reframing Cyber Security 45:45 - 55:34 Compliance Theater 55: 35 - 58:03 Practical Steps for Agile and Adaptable Programs58:04 - 1:02:56 Key takeaways Jeroen & IrfaanResourcesDrama triangle to winner triangle:article 1: Life threw a curveball at me - on human-centric transformationsarticle 2: Beating the drama in Cybersecurity and Technology teams: uncovering hidden dynamics that drain energy and prohibit growtharticle 3: Beating the drama in cybersecurity and IT: How to shift from drama triangle to TED and build a thriving teamarticle 4: Cybersecurity Transformation: The Power of Human-Centered Leadership Storytelling: The Hidden Skill Every CISO or CIO Needs, But Few Use (On storytelling)Other source: The Cyber Samurai—Forging a Black Belt in the Digital DojoConnect with Carlo: https://www.linkedin.com/in/schreursc/Subscribe to this channel to find all new episodes:https://youtube.com/@reinventsecurity?feature=sharedFOLLOW ►Jeroen PrinseLinkedIn: https://www.linkedin.com/in/jprinse/Irfaan Santoe:LinkedIn: https://www.linkedin.com/in/irfaansantoe/