Executive Context
Across industries such as finance, manufacturing, healthcare, and FMCG, senior leaders observed a recurring challenge: despite having policies and controls in place, security incidents continued to originate from human behavior, unclear accountability, and misaligned incentives.
Executives faced critical questions:
- Why do security breaches persist despite formal controls?
- How can leadership influence security behavior beyond policies and training?
- How do we make information security part of “how the organization thinks and acts”?
Leadership Role & Contribution
Dr. Duy acted as the principal advisor on information security culture, working directly with senior leadership to:
- Diagnose cultural and behavioral drivers of security risk
- Identify gaps between executive intent and day-to-day practices
- Design leadership-led interventions that reinforce accountability and risk awareness
The approach emphasized tone from the top, decision signals, and management behavior—not isolated training programs.
Key Deliverables
- An Information Security Culture Framework aligned with enterprise risk and governance structures
- Clear articulation of leadership behaviors that reinforce secure decision-making
- Practical mechanisms to integrate security accountability into management processes
- Guidance for measuring cultural maturity and behavioral change over time
Business Outcomes
- Reduced reliance on reactive controls and ad-hoc awareness initiatives
- Improved alignment between leadership expectations and employee behavior
- Stronger organizational resilience against human-related security risks
- A sustainable cultural foundation supporting long-term digital transformation
This project highlights Dr. Duy’s ability to help executives address the human and cultural dimensions of cyber risk—often the most difficult and underestimated factor in enterprise security.
By shaping leadership behavior and organizational signals, security becomes a natural part of how decisions are made, not an afterthought.
