Melissa G.

FIFA World Cup 2026 Cybersecurity Alert: Beware of Scams, Fake Domains, and Phishing Attempts

⚽ Signal Watch | FIFA World Cup 2026 @channel The World Cup kicks off tomorrow and cybercriminals are already in play. Researchers are warning of a wave of FIFA-themed fraud: thousands of fake domains, banking malware hidden in pirate streaming apps and cloned FIFA login pages designed to hijack real accounts. One tell-tale sign? Any seller asking for crypto payments, FIFA's official ticketing never asks for it. A good reminder that major events are prime time for scams and phishing & a good moment to remind your workforce to stay vigilant, on and off the clock. 👉 FIFA World Cup 2026 Scams Are Already Live

0Comments

Commented on Monthly Icebreaker June: Improving Your Organizati...·Posted in00_announcements

Melissa G.

Great point, Florian A.! When leadership sets the standard, no exceptions, it can send a clear message to the whole organisation. How are you approaching executive accountability in your organisation? 💡

Commented on Monthly Icebreaker June: Improving Your Organizati...·Posted in00_announcements

Melissa G.

That's a great way to put it Sabrina H.: feeling intrinsically motivated, not just compliant. Resilience definitely comes in when employees feel empowered and safe to report threats. Would you say psychological safety plays an even bigger role in this? Monika G. Arne B. Markus P. what is top of mind for you? Are the thoughts from Sabrina resonating perhaps ? 💭

Posted in 00_announcements·

Melissa G.

Monthly Icebreaker June: Improving Your Organization’s Security Culture

🧊 Monthly Icebreaker - June @channel Security awareness programs are growing more sophisticated, but culture? That's still the hardest part to move.

If you could instantly improve one aspect of your organization's security culture, what would it be?

Whether it's getting leadership buy-in, moving from compliance to real culture change or turning employees into active defenders: we're curious what's top of mind for security experts right across the community. Drop your answer below 👇 and see how your peers respond. You might just find you're not alone. Need some inspiration? Check out our take on building a security culture → How to create a security culture: The Behavioral Security Model

4Comments

Commented on Trust but verify? Balancing employee flexibility a...·Posted in03_best-practices

Melissa G.

Thanks for kicking us off, Andrew! 🚀 What stood out to me is the tension between trust and control. Most organisations want to give people the flexibility to do their jobs, but where exactly to draw the line is often much less clear in practice. I'm curious how others are approaching this: Markus P. Roald R. Thomas B. Robert K. Lars S. have you found a balance that works well in your organisation?

Posted in 00_announcements·

Melissa G.

Introducing Andrew Rose as SoSafe Community’s First Cybersecurity Ambassador

🚀 Introducing Community Ambassadors: Meet Andrew Rose @channel One of the most valuable parts of any community isn't the content - it's the people behind it. The practitioners who have seen challenges first-hand. The leaders willing to share lessons learned. The experts who spark conversations that help others move forward.

That's why we're excited to introduce Community Ambassadors to the SoSafe Community.

Community Ambassadors are engaged and experienced security professionals who help bring fresh perspectives, facilitate discussions, share practical insights and encourage peer-to-peer learning across the community. 💡

Today, I'm delighted to introduce our first Community Ambassador: Andrew R..

Many of you may already know Andrew from HuFiCon, industry events, or his previous role as CSO at SoSafe. Andrew has spent more than 25 years in cybersecurity, holding leadership positions at organizations including Mastercard, Proofpoint, UK Air Traffic Control and several global law firms. He also led Forrester's global research on the human factor in security and was named European CISO of the Year in 2018. 📚 What can you expect?

Regular discussion starters: Andrew will share articles, observations and opinion pieces on topics shaping the cybersecurity industry. Some may challenge conventional thinking - and healthy disagreement is encouraged.
A facilitator, not just an expert: The goal isn't to provide all the answers. It's to bring together different perspectives, experiences and approaches from across the community.
Practical lessons and best practices: The most valuable insights come from real-world experiences, difficult decisions and lessons learned along the way. Andrew will help surface those conversations and turn them into actionable takeaways for the community.
Advice and peer exchange: Working in cybersecurity can be an isolated profession. Whether you're facing a challenge, testing an idea, or looking for a second opinion, this community should be a place where members can learn from one another.

📆 Andrew's first discussion piece will be published tomorrow. Until then, please join me in giving Andrew a warm welcome! 👋 And one final question before we kick things off: What cybersecurity challenge or topic is currently top of mind for you? We'd love to hear what you're seeing, struggling with, or simply curious about right now. Cheers, Melissa G.

1 attachment

1Comment

Commented on Analytics Overview of Phishing Campaign and E-Lear...·Posted in03_best-practices

Melissa G.

Thanks for sharing the behind-the-scenes insights,Robert K., super valuable to see those analytics side by side. A 74.2% reporting rate is impressive. Also great to see that you’re directly feeding the survey results into the next 12-month campaign cycle! 👏

🔗 This is the post Robert published some time ago, here you can find the questions and some more on the survey. .

I also remember you joining the Q&A after Jannekes session around e-learning completion rates at HuFiCon last year, so it’s really interesting to see your own results and approach here as well. Curious to hear from others in the community Markus P. Aljoscha T., Christian E. Kim H.: Have you found certain initiatives, campaign approaches particularly effective for improving completion or reporting rates over time? 👀

Commented on The 19-Day Gap in Human Defence: Why Security Awar...·Posted in03_best-practices

Melissa G.

Robert K. thank you sharing your perspective too!! 💯 Really interesting, especially what you mentioned, that the human line of defence can detect incidents before technical controls do. That shifts the conversation from “employees as the weakest link” to employees as active sensors! And totally agree on the ownership aspect too, giving people clear responsibility seems to make a huge difference. The risk owner/ process owner model is a really strong example of that. 👏 Curious what others might think Luke Q. Markus P. Matthias R. Thomas B. - looking forward to hearing your thoughts on the conversation too!

Commented on The 19-Day Gap in Human Defence: Why Security Awar...·Posted in03_best-practices

Melissa G.

Really interesting point, Lars S., especially what you mentioned, that the reaction time should depend/ is linked on how concrete and immediate the risk is. It raises a tricky question though: even if we know a risk is high and urgent, many organisations struggle to translate that into immediate action, especially when it comes to human behaviour. 💭 Sabrina H. Jochen S. Monika G. Robert K. curious how you see this, is this mainly a process integration issue, or an execution gap between risk awareness and action?

Commented on The 19-Day Gap in Human Defence: Why Security Awar...·Posted in03_best-practices

Melissa G.

💭 Markus P. Thomas B. Sabrina H. Lars S. Aljoscha T. would love your perspective here - what’s typically driving this kind of delay in your experience? 👀

About

Title
Community Manager
Topics I'm Interested In