Overview
Most cybersecurity conversations focus on tools, frameworks, and compliance checklists. Eric Near's sessions focus on the part that doesn't show up in a vendor's product brochure: the people. How organizations build security cultures that actually hold. How leadership communicates about risk without creating fear or apathy. And why the same technical controls succeed in one organization and fail in another, even when the policies are identical.
I've sat in a lot of security awareness trainings that treated employees like a threat to be managed. Every metric told you how many people clicked the phishing link. None of them told you whether people felt safe reporting when they made a mistake. Culture isn't a compliance checkbox. It's the thing that determines whether your controls actually work.
Human Side of Cybersecurity
Sessions on why people make the decisions they do, how security programs can be designed around human behavior rather than against it, and what it actually takes to build a security culture that outlasts any awareness campaign.
Security Culture & Leadership
Talks for executive and leadership audiences on how to communicate about cybersecurity risk, how to build organizational accountability without blame, and how the tone at the top shapes security behavior at every level of the organization.
Data Security
Practical sessions on how organizations handle, protect, and govern sensitive data, covering the gap between policy and practice, the real cost of data exposure, and how to talk about data security in terms that resonate with both technical and non-technical audiences.
Security that people can't or won't follow isn't security. It's documentation.
Featured Talk
The Human API: Scaling Security Without Breaking People
In the early days of Web 1.0, we viewed the internet as a digital frontier (a place where you could build a world from scratch with nothing but a Geocities account and a dream). Back then, security was an afterthought because we were all just trying to get the lights to stay on. Fast forward to the modern startup landscape, and we've swung to the opposite extreme. We treat security as a series of bureaucratic hurdles that "slow down" the shipping cycle, or worse, a weaponized set of policies used to shame the first engineer who forgets to rotate their API keys.
At times, the modern "security stack" often feels like a sensory nightmare of Slack notifications and mandatory training videos that don't actually teach us how to be safe. We talk about "move fast and break things," but we rarely talk about the emotional cost of being the person who "breaks" the company's reputation.
This session is a 30-minute deep dive into why your Information Security strategy will fail if it doesn't account for the "Human API." We are going to look at the intersection of startup velocity and emotional intelligence. I'll share why most phishing simulations are actually counter-productive (they build a culture of resentment rather than a culture of vigilance) and how to design a security posture that feels like a feature, not a bug.
We'll look back at how Open Source communities handled trust in the 90s and apply those lessons to the high-pressure environment of a Seed Round or a Series A. If you want to build a resilient company, you have to stop treating your employees like vulnerabilities and start treating them like your most sophisticated defense layer.
Attendees will walk away with a framework for Social Engineering defense that doesn't rely on fear. We will explore how to build "psychological guardrails" into your DevOps workflows and how to communicate risk to a neurodiverse workforce without triggering burnout. We'll also look at how to leverage the history of the Internet to build trust in decentralized, remote-first teams.
Formats
- Keynote — Full-length opening or closing keynote for conferences and association events
- Conference Session — Breakout or main-stage session tailored to your event's theme and audience
- Panel — Moderated panel participant or panel moderator on cybersecurity culture, risk, and leadership topics
- Workshop — Interactive working session for leadership teams or conference attendees
- Corporate Event — Internal sessions for executive teams, boards, or organization-wide security culture initiatives
Typical Audiences
- Industry conferences in technology, healthcare, finance, and professional services
- Local and regional association meetings (ISACA, ISSA, SHRM chapters, industry trade groups)
- Executive and leadership teams that need to understand cybersecurity in human and business terms
- Security and IT professionals looking for a different frame on the culture and behavior side of their work
- Organizations that have checked the compliance boxes and are trying to understand why security still isn't sticking
Common Questions
What topics does Eric speak on?
Eric speaks on two primary topic areas: the human side of cybersecurity (security culture, behavior, and why people make the decisions they do) and data security (governance, protection, and the gap between policy and practice). Both areas are approached from the perspective of someone who has worked inside organizations on real programs. Not from a vendor stage or a purely academic frame. Sessions can be tailored to a technical audience, a leadership audience, or a mixed-room conference setting.
Can sessions be customized for our event or audience?
Yes. Every engagement starts with a conversation about your event, your audience, and what you want them to walk away with. Topic framing, examples, and emphasis are adjusted based on whether the audience is technical, executive, or mixed, and whether the event is industry-specific (healthcare, finance, manufacturing, etc.). The core ideas remain consistent; the delivery is built for the room.
How do we book Eric for an event?
Use the contact form or book a discovery call below. Include your event date, format, expected audience size, and any specific themes your program is organized around. We'll confirm availability and talk through fit before anything is formalized.