Fable Security

What a quarter. The team at Fable Security just closed 160% of plan  and added some tremendous new logos, including Fidelity Investments, Stifel Financial Corp., and Vertex Pharmaceuticals. Human Risk Management and Safe AI Enablement are having their moment. CISOs are done with check-the-box security awareness training. They want behavior change, real risk reduction, and an answer to the AI-powered social engineering hitting their people every day. Our message is landing because it's the right message for this moment: enable your people, protect your people. A few things I'm proud of: → Our AI messaging is resonating with CISOs in a way I haven't seen in years → We're winning competitive deals against the legacy incumbents and unlocking new funds from unbudgeted areas because of the impact we are making → The team is hungry, coachable, and operating like an A-team Huge thanks to our customers for trusting us, and to the Fable team for the work it took to get here. The best part of this job? We get to write a brand new chapter every 90 days. If you're an enterprise AE, BDR, SE, TAM or leader who wants to sell something CISOs actually want to buy, in a category being redefined right now  let's talk. We're hiring across the GTM org. LFG. 🚀

In 2026, supply chain attacks ARE phishing attacks — they just don't use email. The April 22 Bitwarden CLI and Checkmarx KICS compromises didn't trick anyone in the moment. They abused trust developers had built up with two of the most reputable security brands on the planet. Same MITRE technique (T1199) as a BEC. Different channel entirely. How does your security awareness program account for that? #HumanRisk #Cybersecurity #SecurityAwareness

RSAC made one thing clear: AI adoption is outpacing organizations’ ability to manage the risks. Organizations are rushing to layer on technical controls, but are missing a critical piece—the human layer. Because security shouldn’t just protect systems, it should protect people. Security needs to focus on how to help people build the habits to make better decisions in real time. When people have the right security habits, they can become your strongest defense. Check out Jon Oltsik’s recap of the trends at RSAC in CSO Online, and learn how human risk management is helping reshape awareness training. Link in comments. #RSAC2026 #CyberSecurity #HumanRiskManagement #SecurityTraining

Maybe security teams should build relationships with coworkers before threat actors do. See, the axios npm compromise started with a fake Slack channel. North Korean group UNC1069 created a fake company and spent a week building conversational rapport with a maintainer who just wanted to connect with someone. The attackers invited a maintainer to a fake video call—and when the "audio didn't work," served a malware download. Attackers even reassured the victim in the chat in real time. And the victim believed them, because the attackers had built up that relationship already. Full write up in the comments—and feel free to download this free video briefing to share this emerging threat with your employees now, before DPRK reaches out again. #HumanRisk #Cybersecurity #SupplyChain

What actually gets employees to pay attention to security? At PENNYMAC, the answer wasn't more email reminders, it was relevant content. Pennymac saw a clear shift when they moved to customized, targeted video briefings—driving higher engagement and measurable reductions in risk. Hear from CISO Cyrus Tibbs, who shares how they built a program that adapts, scales, and actually resonates. #CyberSecurity #SecurityLeadership #FinancialServices #HumanRisk

"Did employees watch the video?" is the wrong question. The right question is: did they change the behavior? New analysis of last quarter’s behavior data found one security campaign had a median time-to-behavior-change of 1.8 days — for the employees who act. The holdouts skewed the mean to 57.7. That gap is a program design problem. Report in comments. #SecurityAwarenessTraining #HumanRiskManagement #RiskManagement

We're excited to share that we've been included in the 2026 Cyber 150 list by Richard Stiennon. The list highlights companies gaining real traction and a strong signal of where the market is heading. For us, it’s simple: organizations are realizing human risk can’t be managed with static training and check-the-box programs. They want something measurable. Something that actually changes behavior. At Fable, we apply targeting, timing, and measurement principles drawn from adtech to human risk to understand how employees actually behave and respond to risk in order to deliver precise, timely interventions that reduce real exposure. Grateful to Richard for the recognition! Head to the comments to see the full list of companies featured on the Cyber 150 list.

𝗧𝗵𝗲 𝗤𝟭 𝟮𝟬𝟮𝟲 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗿𝗲𝗮𝗹𝗶𝘁𝘆 𝗰𝗵𝗲𝗰𝗸 𝗶𝘀 𝗵𝗲𝗿𝗲, 𝘀𝘁𝗿𝗮𝗶𝗴𝗵𝘁 𝗳𝗿𝗼𝗺 𝟭𝟰 𝗼𝗳 𝘁𝗵𝗲 𝗶𝗻𝗱𝘂𝘀𝘁𝗿𝘆’𝘀 𝘁𝗼𝗽 𝗲𝘅𝗽𝗲𝗿𝘁𝘀. The consensus: The perimeter has moved into the browser session, and the agentic enterprise has officially arrived. These are the 3 pivots you need to account for in your 2026 defense strategy: 1. Moving Security to the Interior The edge is no longer the battleground. But where exactly is the new enforcement frontier? Insights from Steve Salinas, Rajan Kapoor, Alex Bovee, Ian Schneller, and Matthew Sweeney. 2. Rethinking the AI-Driven Playbook Machine-generated code is changing the Secure-by-Design math. How do you manage nondeterministic behavior in production? Insights from Greg Martin, Kevin Magee, Matthew Marji, and Nicole Jiang-Gibson. 3. Killing the Compliance Theater Why check-the-box security is actually increasing your operational risk, and what the outcome-driven alternative looks like. Insights from Scott McCrady, Erik Hart, Steven Gerry, Sawan Joshi CISSP CISM CIPPE CRISC AIGP TOGAF FIP, and Jeffrey Wheatman. __________________________________ 🚀 𝗦𝗲𝗲 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝗤𝟭 𝗽𝗲𝗿𝘀𝗽𝗲𝗰𝘁𝗶𝘃𝗲 𝗿𝗼𝘂𝗻𝗱𝘂𝗽: https://lnkd.in/dR_U77ef __________________________________ #CISO #Cybersecurity2026 #InfoSec #CyberRisk #SecurityEngineering