Advisory · Keynotes · Board Counsel — Cybersecurity & AI Strategy
When everyone is either panicking or evangelising, you need someone who does neither.
The job is the same: figure out what's real, what matters, and what to do about it.
I help boards and executive teams make clear, business-aligned decisions on AI strategy and cybersecurity — without panic, hype, or performative projects.
For 30+ years, I've worked at the intersection of leadership, communication, and technology — building companies, shaping frameworks, and helping leaders turn emerging risk into measurable outcomes.
I don't sell tools. I don't run implementation projects.
I help leadership teams decide where AI creates real value, where it doesn't, and what to do next.
The Track Record
Three decades of seeing what's next. And helping leaders get there sooner.
Created the Security Culture Framework
The framework I developed was adopted by ENISA — the European Union Agency for Cybersecurity — and is used by organizations globally to measure and build security culture.
Keynotes and Lectures on Six Continents
Over 30 years of keynotes, lectures, and executive sessions at conferences and institutions worldwide — including RSA Conference, Black Hat, UC Berkeley, Singapore Management University, and the University of Ljubljana. I serve on the Advisory Board for the Black Hat Europe Executive Summit.
Built and Sold CLTRe to KnowBe4
I built CLTRe — a SaaS platform measuring security culture — and sold it to KnowBe4 in 2019. It was the seventh startup I've been part of, and one of several I founded.
30+ Years Building Companies
I started my first company in 1994 and have been building at the intersection of technology, communication, and leadership ever since — through the dotcom era, through multiple exits, and through the shifts that shaped how organizations think about security today.
AI Policy — Norwegian Parliament
Named independent expert on Høyre's AI committee (2023), alongside leading academics, technologists, and senior policymakers. The committee's work produced a national AI strategy and a formal proposal debated in Stortinget in March 2024. Now bringing that policy-level understanding directly into boardrooms and executive teams.
Published Author
The Security Culture Playbook (Wiley, 2022, co-authored with Perry Carpenter) is the definitive executive guide to measuring and building security culture — covering the seven dimensions of security culture, the Security Culture Framework, and how to translate human risk into board-level decisions.
Earlier titles include Build a Security Culture (IT Governance Publishing, 2015), The Cloud Security Rules (editor, 2011), and The Leaders Workbook (2010, published in English, Spanish, and Japanese). Also contributed to Protecting our Future (Hudson Whitman, 2013) on the international cybersecurity workforce. Full bibliography on Amazon.
Still Building
Currently building Praxis Navigator — a human security behavior monitoring platform. Still in the arena, not advising from the sidelines.
How I Work
Challenge. Reframe. Commit.
Every engagement follows the same arc — whether it's a 45-minute keynote or a 3-month advisory relationship.
Challenge
I surface the assumptions you don't know you're making. I question the "best practices" that are actually holding you back. I bring the outside-in perspective that internal teams and conventional advisors can't provide.
Reframe
I offer a fundamentally different way to think about the problem. Two decades of research, pattern recognition from building and selling companies, and a track record of calling the direction before the industry moves.
Commit
You move from new understanding to decisive action. I'm a sounding board as you act. I open my network where it helps. But the value is the shifted thinking — not a document gathering dust.
Advisory
Strategic AI Advisory
Strategic, business-aligned AI advisory for leaders who need measurable outcomes — not hype, demos, or performative pilots.
Most organizations are either ignoring AI or throwing budget at it. Neither is a strategy. I help leadership teams cut through the noise and identify where AI creates genuine, documentable value — and where it doesn't.
This is not
- AI demos or technology showcases
- Implementation programs or vendor selection
- Generic “AI transformation” playbooks
This is
- Filtering FOMO from real opportunity
- Mapping AI use cases to business outcomes with measurable results
- Building internal clarity on what to prioritize and why
- Treating AI as a tool, not a solution in itself
- Governance, oversight, and risk framing leaders can own
Typical triggers
- Leadership has no clear AI direction despite mounting pressure
- AI projects started but produce no measurable value
- Board asks AI questions without strong internal answers
- Competitor moves create pressure to “do something with AI”
- You need an honest outside view before committing budget
Executive Advisory
For leaders who need someone who'll tell them what they're not hearing — and who's been right about this before.
Time-boxed strategic advisory. Typically 3–5 sessions over 1–3 months. Scoped to your situation — whether that's a specific decision, a strategic initiative, or a fundamental rethink of your approach to human risk, security culture, or cybersecurity governance.
You get
- Assumptions surfaced, blind spots exposed, "best practices" questioned
- A strategic frame that changes the decisions you make
- A sounding board between sessions
- Network access where it matters
Typical triggers
- Your board is asking cybersecurity questions and you don't have good answers
- Security culture or human risk efforts aren't producing measurable results
- A digital transformation is underway and security is an afterthought
- You need a strategic sounding board you can't find internally
Board Advisory
For boards that need independent AI and cybersecurity judgment in the room — grounded in strategy, governance, and business reality.
Ongoing board-level advisory on AI governance, cybersecurity governance, and human risk. I translate technology opportunity and risk into language the board can govern — and I challenge management assumptions with informed skepticism.
You get
- Independent AI and cybersecurity expertise at the board table
- Early warning on strategic blind spots not yet on the risk register
- A board that governs cyber risk instead of rubber-stamping narratives
- Entrepreneurial perspective from 30+ years of founding and building companies
Typical triggers
- Regulatory pressure is making AI and cybersecurity board-level liabilities
- The board is asking strategic AI questions without clear management answers
- The board lacks independent cybersecurity expertise
- A major transformation is underway and security governance hasn't kept pace
- A breach or near-miss exposed governance gaps
Keynotes
I don't give comfortable keynotes.
Audiences have heard every cybersecurity talk and every AI hype narrative. I give them something they haven't heard — a strategic frame for how leaders should evaluate risk, value, and action.
I draw from 30+ years at the intersection of leadership, communication, and technology, multiple company exits, and a track record of innovation across both cybersecurity and AI. Talks are custom or drawn from a curated backlog of signature presentations.
Tool, Not Solution: An Executive's Guide to Strategic AI
AI should serve strategy, not replace it. A boardroom-level framework for deciding where AI belongs — and where it doesn't.
Boards · CEOs · Executive leadership teams
From FOMO to ROI: Building an AI Strategy That Actually Works
Move from pressure and performative pilots to measurable business impact, clear prioritization, and accountable leadership decisions.
Executive teams · Strategy forums · Transformation leaders
The Board's Cybersecurity Blind Spot
Your board thinks it governs cyber risk. It governs a narrative. Here's the difference.
Board members · C-suite · Governance events
Human Risk Is Not a Training Problem
Security awareness training was a stepping stone. The industry stayed too long. Here's what's next.
Industry conferences · CISO summits
Topics are developed to fit the event and audience — get in touch to discuss.
Writing
Latest from roer.com
I've been writing about security, technology, and culture at roer.com since 1995.
Around the World
30 years. Six continents. Stages that matter.
Let's Talk
I work with a small number of boards, executives, and event organizers at any given time.
If you're facing a hard decision about AI strategy, cybersecurity governance, human risk, or digital transformation — or you need a keynote that will actually change how your audience thinks — let's have a conversation.