The newsletter where an InfoSec Manager shares what actually happens behind the scenes

I'm Andries, a working InfoSec Manager. This newsletter is how I learn -- by writing about what I encounter on the job and sharing it with others in similar roles. No technical deep dives. No vendor pitches. Just real stories, honest mistakes, and practical lessons from someone sitting in the same chair as you. Published when there's something worth saying.

I Thought My Security Reports Were Kinda Good. I Was Wrong :\

Apr 17, 2026

•

6 min read

I Thought My Security Reports Were Kinda Good. I Was Wrong :\

What the viewing stats revealed, and how the CARE model fixed it

Andries Bredenkamp

Risk Management

+1

The Million Dollar Sticky Note

Apr 10, 2026

•

6 min read

The Million Dollar Sticky Note

Complex P@$$w0rds are a liability - not a control

Andries Bredenkamp

Risk Management

The Accountability Gap

Mar 27, 2026

•

6 min read

The Accountability Gap

You cannot own a risk that you do not understand

Andries Bredenkamp

Risk Management

+1

How I Became The Shadow IT Problem!

Mar 20, 2026

•

9 min read

How I Became The Shadow IT Problem!

How process automation became the governance risk nobody is looking for

Andries Bredenkamp

The Most Important Question in InfoSec

Mar 9, 2026

•

4 min read

The Most Important Question in InfoSec

You should be able to answer this question for everything you do and every decision you take.

Andries Bredenkamp

Risk Management

The Model That Fixes the Blame Game

Mar 3, 2026

•

5 min read

The Model That Fixes the Blame Game

Understanding the 3 Lines of Defence model, and how InfoSec fits into it

Andries Bredenkamp