In this episode of re:invent security, hosts Jeroen Prinse and Irfaan Santoe sit down with Kay Behnke, CISO at Genmab. Kay has built security organizations in three very different global companies: NXP, FrieslandCampina, and Genmab. Spanning tech, food, and life sciences. Drawing from more than 20 years of experience, he reflects on how building a security team has evolved over time and what’s stayed the same.

Together, they unpack what it really takes to design security functions that scale, how to balance culture and compliance across geographies, and the hard lessons learned from doing it three times.

Whether you’re starting your first security organization or rethinking a mature one, this candid conversation offers timeless insights into the craft of building teams that endure and adapt. Tune in and ask yourself: What will you do differently tomorrow?

Chapters:

00:00 - 00:47 - Intro snippets

00:48 - 02:59 – Introduction of the episode and Kay

03:00 - 07:38 – How has Kay seen the reinvention of security during two decades?

07:39 - 11:27 – What was it like building a security organization two decades ago?

11:28 - 14:37 – What is the difference in building security organizations in three different industries?

14:38 - 17:48 – What is one thing you would recommend doing when changing industries?

17:49 - 21:15 – How did company culture Kay’s security approach?

21:16 - 24:43 – Is local presence needed for execution on the security program?

24:44 - 30:22 – What is the first role or capability you would start with?

30:23 - 33:58 — A security leader should listen to the needs of others

33:59 - 37:53 – How did the way boards act in the last 20 years?

37:54 - 41:08 – You need to understand the business and its processes.

41:09 - 46:03 – Key takeaways Irfaan and Jeroen

46:04 - 47:03 - Outro

Resources & Mentions:

CISO Mind Map - https://rafeeqrehman.com/wp-

content/uploads/2025/03/CISO_MindMap_2025.pdf

Daniel Pink 'Drive' - Dan Pink is one of my favorite authors who pushes you to look into the mirror;

this is a book that you wanted to read at the begin of your career

Peter Hinssen 'The Uncertainty Principle' - another favorite author of me; there are several

keynotes on YouTube (he probably holds the world record in slides per minute) and well known by

"The New Normal" this book is about the future and how we can and need to deal with uncertainty

and disruption

Daniel Kahneman 'Thinking Fast and Slow' - for everyone who is building a security awareness

campaign a MUST read

Andrej Karpathy 'Deep Dive into LLMs like ChatGPT' - if you have time then you should watch this

video since it provides you surprising insights about how LLM models work

Graham Cluley 'Smashing Security' - finally s.th. about information securty; the weekly podcast for

the lunch walk with your dog

Connect with Kay: https://www.linkedin.com/in/kbehnke/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

In this episode of re-invent security, we sit down with Patric Versteeg, European CISO of the Year 2024, to unpack the “inner game” of cybersecurity leadership. Patric argues that real change isn’t about putting on a new mask—it’s about returning to your core values and installing “compensating controls” for your own behaviors under stress. From building mixed, high-trust teams to shaping board-level narratives that actually land, he shares pragmatic tools you can use tomorrow.

You’ll hear how Patric:

- Builds resilient teams using a diverse mix of working styles (not clones), clear outcomes over micromanagement, and a “beekeeper” approach that lets experts do their best work.

- Protects team energy by addressing brilliant-but-low-trust outliers—even when they’re top individual performers.

- Wins the boardroom without needing a board seat, by fitting the message to culture: financial exposure, reputational stakes, or license-to-operate.

- Quantifies risk simply (people × internal hourly rate × downtime days) to make funding decisions straightforward.

- Manages himself in a crisis, using quick breathing resets when meditation isn’t practical, and embracing mentors/coaches for sustained growth.

- Frames board reporting around three questions: Are we compliant? Are we at risk? Did we have any material breaches?—and shows risk trends visually over time.

Chapters:

00:00 - 02:55 Introduction

02:56 - 05:34 The "Inner Game" of Leadership

05:35 - 13:32 The Definition of Personal Leadership in Cyber Security

13:33 -15:54 Building the Right Team: Diversity is Key

15:55 - 19:05 Leadership Style: Trust and Result-Oriented

19:06 - 25:54 The "Beekeeper" Philosophy and Hiring Smarter People

25:55 - 26:56 Definition of a "High-Performance Team"

26:57 - 31:16 Boardroom Communication: From Fear-Mongering to Business Risk

31:17 - 39:51 What the Board Truly Wants to Know (3 Core Questions)

39:52 - 41:10 Cybersecurity as a Feeling: The Human Connection

41:11 - 46:20 Advice for Aspiring CISOs & Leadership Development

46:21 - 52:01 Wrap-up

Resources & Mentions:

Book: True North — Bill George https://billgeorge.org/book/true-north/

Book: Surrounded by Idiots — Thomas Erikson (red/yellow/blue/green styles)

Metaphor/Book (Dutch): De Bijherder (The Beekeeper)

Community: NextGen CISO Network (mentoring/coaching): https://nextgenciso.nl/Home/

Inspiration: Man in the Mirror — Michael Jackson (self-reflection theme)

Thinkers: Simon Sinek; Brené Brown (trust, courage, vulnerability)

Practice: Visual risk-trend infographics for board updates (quarterly)

Connect with Patric: https://www.linkedin.com/in/pjmversteeg/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.

In this episode of re:invent security, hosts Jeroen Prinse and Irfaan Santoe sit down with two cybersecurity leaders tackling the talent gap from opposite directions. Laurens Jagt, founder of Cyber Security District, is building one of Europe’s most vibrant security communities—mentoring and guiding professionals at every stage of their career. Medea de Jong, Global CISO at Sonepar, brings the inside view of what it takes to lead, grow, and keep effective security teams in highly regulated industries.

Together, they explore what’s broken in how we hire, why job descriptions miss the mark, how to spot hidden talent, and what it really takes to build security teams that stick. Whether you’re building your first team or reshaping a mature one, this candid conversation is packed with insights you can act on tomorrow.

Tune in and ask yourself: What will you do differently tomorrow?

Chapters:

00:00 - 03:33 - Introduction

03:33 - 07:09 - How do Medea and Laurens see reinventing the field?

07:10 - 08:22 - Are soft skills more important then certificates?

08:23 - 10:07 - What is more difficult: finding or retaining talent?

10:08 - 19:01 - What is the new generation looking for?

19:02 - 24:46 - Should we take more risk on new or transitioning talent?

24:45 - 31:04 - What is going wrong with our job descriptions?

31:05 - 34:49 - Should development be driven by the organization or the professional?

34:50 - 43:19 - Talking to the board on team development

43:20 - 45:21 - What’s one example of a development program that works?

45:22 - 47:52 - Are we looking for talent in the right places?

47:53 - 51:14 - What makes a transition into the cyber security field work?

51:15 - 53:56 - Building a brand new security team

53:57 - 58:09 - Key take aways Irfaan and Jeroen

58:10- 59:45 - Outro

Resources:

1. TierPoint – Building Your Cybersecurity Team (2025)

Link: https://www.tierpoint.com/blog/cybersecurity-team

A practical guide for building an effective cybersecurity team, covering roles, strategies, and policy foundations. Ideal for modern organizations aiming to be scalable and agile.

2. TechTarget – Maximize Business Impact with the Right Security Team

Link: https://www.techtarget.com/searchsecurity/tip/How-to-build-a-cybersecurity-team-to-maximize-business-impact

This article explores how the right team structure directly influences risk reduction, operational efficiency, and talent retention. Especially relevant for security leaders and HR decision-makers.

3. Airiam – 14 Strategies for Building Cyber-Resilient Teams

Link: https://airiam.com/blog/building-cyber-resilient-teams

A clear and actionable blog post offering 14 strategies to enhance team culture, training, and awareness within cybersecurity teams. Useful for leaders looking to strengthen team dynamics.

4. ISACA - State of Cybersecurity 2024 report

Link: https://www.isaca.org/resources/reports/state-of-cybersecurity-2024

Connect with Media: https://www.linkedin.com/in/medea-de-jong-aa1b771/

Connect with Laurens: https://www.linkedin.com/in/laurensjagt/

Subscribe to this channel to find all new episodes:

https://youtube.com/@reinventsecurity?feature=shared

Listen on:

Spotify: https://ap.lc/SzTrY

Apple Podcasts: https://ap.lc/HmXhf

FOLLOW ►

Jeroen Prinse

LinkedIn: https://www.linkedin.com/in/jprinse/

Irfaan Santoe:

LinkedIn: https://www.linkedin.com/in/irfaansantoe/

Hosted on Acast. See acast.com/privacy for more information.