Behind the Firewall ft. Jeneil Russell

by Morgan Prost / May 22nd, 2026

What happens if your tools get it wrong?

During our KP Panel Interview hosted by Allie Krings, we got to hear from our Director of Quality Assurance, Jeneil, about what she’s seeing in the field: when organizations change how they talk about risk, everything else changes too.

A risk-aware culture anticipates threats, while a reactive culture responds only after harm occurs. A reactive culture is easy to spot – it tends to assume that “IT has it covered” or that major incidents are unlikely to happen. Security responsibilities are viewed as belonging to someone else, and employees may not fully understand the implications of risky behavior. Security is treated as compliance rather than culture.

One client redefined their approach by embedding risk awareness into everyday conversations. Not just their policies.

They even restructured operations to include risk logs as a core part of decision-making. People started raising concerns early, sharing lessons learned, and viewing security not as a gatekeeper but as an enabler of smart decisions.

This wasn’t just a compliance update; it was a crucial mindset shift. By normalizing these small, consistent conversations, the client embedded risk thinking into its DNA—and transformed from a reactive culture to one that was genuinely risk-aware and resilient.When information security becomes part of the rhythm of the business, it stops being siloed – and starts becoming strategic.