Jeanette Rudolfsson

How to Build a Security Culture in Your Organization

How do you create a security-minded culture that permeates an entire organization? Since this fall, Jeanette Rudolfsson has been working as an information and security consultant at Consid, focusing on precisely this question—one of the most crucial aspects of cybersecurity.

– In simple terms, I help organizations not only identify risks but also implement measures to protect their businesses in an ever-changing environment.

Jeanette Rudolfsson joined Consid in September 2024, bringing a wealth of experience from nearly a decade in cybersecurity and digital protection. At Consid, she will focus on risk and continuity management.

Given what you’ve done and your experience, what are your top tips for companies that lag in their security efforts?

– My top advice is to start with the basics: a clear risk analysis process and a concrete continuity plan, also known as ‘Business Continuity Planning.’ Begin by identifying two or three of the most critical systems and then initiate risk identification and analysis. This creates a sense of progress in security work. But it’s not enough to have just a plan and process on paper—regular exercises and tests are needed to ensure it works in practice. Practice, adjust, and practice again. Another essential aspect is to maintain ongoing risk work that can adapt as threats evolve. Security is a continuous process, not a one-time project, she says.

Smiling woman standing in a room with framed artwork on the wall behind her.

Security Work is More than Technology and Protocols

For Jeanette, building a security-minded culture is just as important—if not more so—than establishing technical solutions. She likens it to installing a home alarm system; the effect only comes when those living in the household actually use it.

– To me, security work is about more than technology and protocols—it’s about building a security culture. I see each assignment as an opportunity not only to solve technical challenges but also to help organizations understand and integrate security into their daily operations. Security should not be seen as an isolated part but as an essential component in every process and a core value in daily work, she says, sharing her experience.

Implementing a Cybersecurity Mindset

Continuously discussing and spreading awareness throughout an organization is crucial.

– I believe better conversations around cybersecurity begin by simplifying complex issues and creating dialogue that everyone can understand and participate in, regardless of technical background. By listening and adjusting my language based on my audience, I help make security issues more accessible across the entire organization. The goal is to get everyone to understand the importance of security—from leadership to individual employees.

Just as technology and climate play crucial roles, Jeanette points out another factor: the feasibility of implementation and the importance of creativity as a consultant.

– One of the most challenging projects I worked on involved a client facing serious threats but with limited resources to manage them. The challenge lay in balancing high security requirements with budget constraints, staffing resources, and business needs. By conducting an in-depth study of the organization, we were able to identify the most significant risks and prioritize them. Focusing on the critical elements provided the client with a cost-effective and sustainable solution. For me, this highlights the importance of thinking creatively and being flexible with limited resources.

Discuss your challenges and opportunities with us!

Johan Kederstedt

Office Manager Linköping

johan.kederstedt@consid.se

072-5526414

Information & Cyber Security

Simplifying and securing information for our customers. Gain full control of your most important asset - your information. Services within Information & Cyber Security.