I am Erlend Andreas Gjære, a specialist in security and people.
My goal is to engage and train people to become security resources, rather than weaknesses. While competent employees are important, I also believe security depends on implementing technological products and policies which altogether reduce friction between humans and machines. For as long as technology cannot provide us with perfect protection, we cannot ignore this complex yet immensely interesting challenge.
As co-founder of the company Secure Practice, I have hands-on experience with security awareness, culture and training, behavior, change, compliance, risk and tech — all connected. I have tried “it all” in terms of what you could possibly do in a company to raise awareness and increase employees’ security competence. This includes creating e-learning content, producing 40 second video skits, designing posters, stickers and t-shirts, performing live hacking, hosting lunch ‘n’ learns, stealing employees’ passwords via phishing emails, planting infected USB lures, promoting secure coding practices, and simply walking from office to office talking with people about security in a casual tone. I have lead development of a successful programme and strong brand for secure practices among employees over several years, and surveyed progress at regular intervals for reporting to the executive board of directors.
Based on these experiences, I have conceptualized a theoretical framework for working with people, policy and products in security and IT, serving as a basis for our company Secure Practice. This framework is based on positive user experiences and functionality as primary drivers for compliance. It has been refined through engaging with several IT related change processes. As a certified ISO27001 Lead Implementer (PECB), I can offer a holistic approach to building a secure enterprise without relying on any of the three P’s alone.
Previously, I have worked as a research scientist at the Norwegian research foundation SINTEF for six years. My position involved applied scientific research in the wider area of information security and risk management. I have published a few scientific papers, held a range of presentations, written a few blog posts (in Norwegian), and also appeared in a couple of media stories (including this one in English). Although I have experience from several areas of cyber and information security, a main theme in my research has always been the human factors. Ever since my MSc studies in informatics, with Human Computer Interaction (HCI) as my main direction, this crossover has been strengthened by working on projects related to user experience and design thinking — making technology — and security — work for people.
In my spare time, I work on my wife’s farm Opeggen gård, where we breed horses, produce hay, and offer farm activities for individuals and teams, big and small. We have previously also sold produce from goats, pigs, sheep, quail, ducks and chicken. The farm is only a 25 minutes drive away from Trondheim city, and you are more than welcome to come visit us!