Carlo Alexander Schreurs (FrieslandCampina): As a CISO, how do you lead in a Human-Centered way?
Summary
- From zero trust to adaptive trust
  Carlo challenges the traditional “zero trust” model, proposing a more human-centric and context-aware framework called “adaptive trust.” Rather than enforcing strict limitations, adaptive trust empowers users based on contextual signals while maintaining security boundaries.
- Reinventing security through self-transformation
  His journey began with personal reinvention following surgery, leading to a refreshed approach to cybersecurity. He advocates for transformational leadership built on purpose, passion, and perseverance, bringing storytelling and empathy into the fold.
- Drama triangle vs. winner triangle
  Using psychological models, Carlo explains how security teams often fall into roles like persecutor, victim, or rescuer. The antidote is the “winner triangle,” where CISO leadership should blend assertiveness, vulnerability, and caring to enable change.
- Digital safety over cyber compliance theater
  He advocates renaming cybersecurity as “digital safety” to connect better with employees and align with existing safety culture. Compliance should be used not just to tick boxes but as a lever to drive maturity and resilience through meaningful, risk-based improvements.
- Storytelling and strategic positioning
  Effective CISOs must communicate a compelling vision, marketing security’s value in relatable language. Carlo stresses the need for cybersecurity leaders to engage boards, influence early in transformation projects, and create pull rather than push dynamics.
- Shifting from control to enablement
  Rather than acting solely as blockers or enforcers, cybersecurity teams should offer value through shared services, such as vulnerability management and awareness programs, to support the business securely.
- Psychological safety and incident response
  Carlo underlines the importance of fostering a culture where people feel safe to admit mistakes—critical for detecting and responding to threats. Phishing simulations are useful but should avoid punitive responses that discourage openness.
- Awareness through immersive communication
  Initiatives like hack talks, internal cyber magazines, and executive storytelling are used to build engagement and awareness. These campaigns have elevated FrieslandCampina’s cyber maturity industry-wide.
- Resilience as a core security pillar
  Recognizing that breaches are inevitable, Carlo emphasizes preparation over prevention. Security must function like mission control—not just issuing rules, but enabling continuity during incidents.
- Security as part of digital transformation
  Cybersecurity is positioned as an enabler within broader organizational transformation. By integrating with digital programs, leveraging metrics, and aligning with company values, security becomes a strategic partner, not an obstacle.