About us
Securebyme is a Swedish consulting company in information and cybersecurity, focused on what actually determines outcomes in practice - how organizations are led, how decisions are made, and which behaviors are encouraged in everyday operations.
In many organizations, policies, frameworks, and technical solutions are already in place. Yet incidents still occur, compliance falls short, and uncertainty arises in decision-making. Our experience shows that the problem is rarely a lack of knowledge, but rather how security is translated into everyday practice.
This is where Securebyme operates.
Cybersecurity is not determined in systems, it is determined in the decisions made every day.
Vulnerability arises when security is not a natural part of governance, priorities, and accountability. When decisions are made without sufficient understanding, when responsibilities are unclear, or when the organization’s ways of working do not support secure behaviors.
Technology can reduce risk, but it cannot compensate for shortcomings in leadership and culture. That is why we work with security where it is actually shaped: in executive teams, in governance models and priorities, and in how work is carried out in practice.
What we do
Securebyme supports organizations in building long-term security capability by combining three perspectives.
Information security culture
How information is valued, handled, and protected in everyday work.
Cybersecurity culture
How digital risks are understood, prioritized, and managed across the entire organization.
Protective security culture
Why Securebyme?
Security is not about what you do, but how you lead.
We connect strategy and everyday practice, bridging the gap between board-level requirements and employee behavior. We provide experience-based advisory services grounded in deep expertise from public administration, the armed forces, and complex organizations. In addition, we create behavioral change that lasts long after the project has ended.
Behind Securebyme
Securebyme was founded by Tobias Ander, a senior advisor in information and cybersecurity with a particular focus on governance, leadership, and security culture.
Tobias has a long background working in complex organizations where security is part of the core mission. He has held senior roles in information security, including as CISO in both government and municipal operations as well as within the Swedish Armed Forces, where his work has focused on translating requirements, regulations, and technology into security that works in practice.
In addition to his consulting work, Tobias is the author of several books in the field, including Information Security Culture, Systematic Information Security, and the English edition Information Security Culture. In these, he highlights a perspective that is gaining increasing traction today: that security is not primarily determined by technology or regulations, but by how organizations work with culture, behaviors, and structured processes over time.
He is also a sought-after speaker and educator, regularly working with executive teams and organizations that want to strengthen their ability to manage security in practice.
A key premise in his work is that many of the vulnerabilities organizations are exposed to are created long before a breach occurs. They arise in how decisions are made, how responsibilities are distributed, and what priorities are set in everyday operations.
Through Securebyme, this experience is translated into a structured approach where security culture is integrated into governance and leadership. Tobias is often personally involved in assignments that require a high level of trust, strategic depth, and the ability to navigate between leadership, operations, and regulatory frameworks.