Three dimensions converge into one score. That's the hologram.
The data tells a story the market doesn't want to hear.
"My current SAT program is embarrassing. We send fake phishing emails, people click or don't click, we generate a report, nothing changes."
— CISO, 15-year security veteran
"This is checkbox compliance. Everyone knows it. We accept it because there hasn't been a better alternative that's auditable."
— VP, Cybersecurity Audit Practice (SOC 2, PCI-DSS, GLBA)
"Every CISO hates their SAT program. It's compliance theater."
— CISO persona research
"KnowBe4 is stale, Proofpoint SAT is an afterthought."
— Venture Capitalist, cybersecurity focus
"My KnowBe4 renewal is coming up. I'm already frustrated. That's a displacement sale, not a new budget sale."
— CEO
Training didn't.
"When I asked KnowBe4 about deepfake simulations, they said it was 'on the roadmap.' That was 18 months ago."
— CISO
"Deepfake vishing, AI spear phishing — these are 2024-2026 problems that legacy SAT vendors are completely unequipped to handle."
— Venture Capitalist
What CISOs face in 2025 — What legacy SAT can't simulate:
"Here's a dirty secret: Security awareness training completion rates tell us almost nothing about actual risk. A company with 100% completion on KnowBe4 can still have 40% phish-click rates."
— Cyber Insurance Underwriter
"Human risk is the biggest blind spot in our cyber risk portfolio. When the board asks 'what's our exposure to social engineering attacks?' I give qualitative answers. That's not risk management. That's hand-waving."
— Chief Risk Officer
"Human risk is currently a questionnaire checkbox. 'Do you have security awareness training? Y/N' — That's like asking 'Do you have income?' instead of measuring creditworthiness."
— Strategic analysis
Silos everywhere: email sees inbox, identity sees logins, SAT sees completion.
Attackers synthesize everything about a person.
Defenders don't.
There's a pattern here that the industry is missing.
A hologram requires multiple light sources to create depth. Human risk measurement is no different.
What attackers see
How people behave
How they perform
What attackers see when they look at your people from the outside.
The pen-tester's view.
How your people actually behave inside your systems every day.
The behavioral view.
How your people perform when tested against real attack patterns.
The proof.
Just like a hologram needs multiple light sources to create a 3D image, human risk measurement needs multiple data dimensions to create depth.
No correlation. No unified view. No depth.
The measurement becomes the defense.
This isn't theoretical. It's personal.
I've spent years on the offensive side — penetration testing, social engineering assessments, watching how easily humans become the entry point. I've crafted the phishing emails. I've made the vishing calls. I've seen the moment someone clicks.
And I've watched what happens after. The shame. The fear. The "how could I be so stupid" spiral — when the truth is, they were targeted by someone who spent hours studying them.
That's when I realized: defenders deserve to see what attackers see.
The people protecting organizations are flying blind. They have email logs, identity alerts, training completion rates — but no unified view of who's actually at risk and why. Meanwhile, attackers are synthesizing LinkedIn profiles, breach databases, org charts, and behavioral patterns into targeted campaigns.
The asymmetry is the problem. This is my attempt to fix it. 🥃
I've done the work, not just studied the theory.
Penetration testing. Social engineering. Security architecture. Healthcare security. Audit and compliance.
Security expertise without product thinking is just a feature list.
Market sensing. Jobs-to-be-done. Business model design. Value proposition canvas. Go-to-market strategy.
BS Business Administration — Marketing, with concentrations in Insurance and Law. I understand how buyers buy, how risk gets priced, and how deals get done.
Security practitioner + Product strategist + Business foundation = Someone who can see the full picture.
I've built systems that demonstrate this thinking:
This isn't someone who watched a YouTube video about cybersecurity and decided to build a product.
This is someone who's lived it — on both sides — and sees a gap that needs to be filled.
Request the Strategic Brief — the framework, the FICO parallel, and why this requires incumbent infrastructure.
We'll review your request and follow up within 24 hours.