Q What skills do you believe are
important for the security role?
A: Adaptability, continuous learning, and self-development are skills I believe are really important and, with the threat constantly evolving, it is important to be able adapt to various situations and think outside of the box.
Communication is key – with your team, colleagues, partners, and intelligence providers.
Q How does technology support the security role?
A: We use the latest technology in terms of communications and visual aids which enables us to prevent, detect, and respond to a variety of situations.
Q How has your role changed time?
A: The security landscape and threat has changed over the years (as has technology) and there is a greater expectation of security and service delivery from the client than there used to be. So, you need to invest in training at the highest level and be more than competent at what you do.
Q What has been the highlight of your security career?
A: Being able to create an amazing culture and industry-acknowledged award-winning team: we were the 2022 Security Team of the Year winner, 2023 Security Team of the Year finalist and in 2024, Kadar Hersi (team member) was Security Officer of the Year finalist. This year, I won Security Manager of the Year at the BSIA annual security awards.
Q
What advice would you give to someone wanting to get into security?
A: Look at security as a career not just a job, the industry is so big and has a lot to offer, you just have to find what positively impacts you. I would also suggest you take courses, listen, and learn from peers.
Q How would you like to progress in your role?
A: That’s a tough question, maybe more of what I do. I thoroughly enjoy what I’m doing and have achieved, working with my team and client here in the West End.
Graham Bassett Editorial team
Sarah Aalborg – Secure by Choice
his book explores how our brains work and how this shapes our perception and evaluation of risk. Aalborg explains how to use this understanding to build effective security systems.
T Who is this book for?
Although the subtitle is “The Security Professional’s Guide to Human Biases in GRC” (Governance, Risk, Compliance), the audience is not narrowly defined – perhaps deliberately. While many examples focus on information security, the principles can be applied to a wide range of security contexts. The foreword by Perry Carpenter offers clarity: “Whether you’re a seasoned CISO, a security awareness professional, or someone just beginning to explore the human side of security, you’ll find valuable insights.”
Why should a security professional read this book?
Aalborg observes that approaches to IT security often focus heavily on technical aspects such as secure coding, network protections, and system hardening. While essential, she argues, these are not the root cause of most incidents. “It all starts with people’s actions – or lack thereof.” She highlights the staggering number of decisions a person makes each day – around 35,000 – pointing out that many are made subconsciously and are influenced by human biases, some of them irrational. Her aim is to give readers a practical understanding of how to factor an understanding of these biases into security strategies. As Perry Carpenter remarks: “She doesn’t just theorise about behaviour – she provides a practical
© CITY SECURITY MAGAZINE – AUTUMN 2025.
www.citysecuritymagazine.com
bridge between behavioural science and real-world security implementation. She helps us understand why people make the security decisions they do, and, more importantly, how we can work with human nature rather than against it.”
What I like about this book
The book is full of fascinating explanations of how the brain works and how this applies to GRC. Those quirks we thought were personal turn out to be universal – and Aalborg illustrates them with engaging stories and real-world examples of how to integrate this knowledge into security strategies.
What I’d like to change
It’s not easy to quickly grasp the book’s scope by glancing at the contents. The chapter list uses figurative titles such as “Taming the Paper Tiger” without explanatory subtitles. I personally prefer a more descriptive table of contents or roadmap to help the reader understand what’s ahead.
Aalborg mainly addresses readers working in corporate environments, and some advice – such as conducting multi-person workshops – assumes access to time, resources, and willing participants.
The summaries of biases appear throughout the book on black-bordered pages, which I found visually jarring (they reminded me of obituary notices!). A different design choice might have been more suitable.
In summary
Read Secure by Choice if you’re a security professional interested in understanding how the brain works and how human biases influence decision-making – and if you want to integrate that knowledge into your security approach. This book is useful for those who like practical
recommendations, are ready to improve their strategies, and have the time and resources to put these ideas into practice. Aalborg offers clear, thought-provoking insights that bridge psychology and security, making it a valuable guide for those wanting to work with human nature rather than against it.
Andrea Berkoff Editor
>
32
CITY SECURITY MAGAZINE BOOK REVIEW
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36
