Published on: December 20, 2024
SafetyDetectives recently sat down with Matt Johansen, founder and CEO of Vulnerable U, to discuss his unique approach to cybersecurity and mental health in the industry. With a career that began in IT, Johansen’s passion for ethical hacking and human resilience led him to create Vulnerable U — a platform that bridges the gap between technical threat intelligence and mental well-being. Vulnerable U stands out by offering cybersecurity news alongside actionable advice on managing burnout and fostering a healthier work culture. In this interview, Johansen shares his insights on embracing vulnerability, navigating overlooked threats like supply chain attacks, and the future of cybersecurity as both a technical and human challenge.
Can you tell us about your journey into cybersecurity and what inspired you to create Vulnerable U?
I stumbled into cybersecurity by accident, like many in this field. I started in IT, breaking and fixing things until I realized I could get paid to break things on purpose — ethically, of course. The spark for Vulnerable U came from recognizing that while tech gets most of the attention, cybersecurity is deeply human. I wanted to create a space where we could talk about security threats and mental health challenges together, helping people stay resilient in a field that’s as demanding as it is rewarding.
What makes Vulnerable U unique compared to other cybersecurity platforms or newsletters?
Vulnerable U blends two worlds: cutting-edge cybersecurity news and actionable mental health advice. We don’t just inform; we support. It’s rare to see a platform where you get the latest threat intel alongside tips for managing burnout or fostering a healthier work culture. Our voice is also distinct — technical, direct, and never sugar-coated. We talk to security pros like insiders because we are insiders.
Cybersecurity is an ever-evolving field. What do you think is the most overlooked threat that companies should be paying attention to right now?
Supply chain attacks remain one of the most underestimated threats. These aren’t just technical issues — they’re human ones too. Consider how North Korean threat actors have posed as remote developers, gaining trust through legitimate work before injecting malicious code. Long-term trust-building attacks like the “xz Utils” compromise show how attackers patiently infiltrate open-source projects over time. Businesses need to rethink how they vet both code and contributors, focusing on persistent evaluation rather than assuming initial trust guarantees lasting safety.
You emphasize the concept of “embracing vulnerability” in cybersecurity. Can you explain how this mindset shift can benefit both individuals and organizations?
In security, we’re conditioned to patch vulnerabilities in systems, but we avoid confronting our own. Embracing vulnerability means acknowledging what we don’t know and being open to tough conversations — whether it’s admitting a breach, asking for help, or addressing workplace stress. Organizations that foster this culture build trust and respond faster to crises because they aren’t bogged down by blame or fear.
For aspiring CISOs and security professionals, what skills or habits would you recommend they develop to stay ahead in the field?
Stay curious and keep learning. The field evolves too fast to rest on what you already know. Build technical depth but also sharpen your communication skills — translating complex risks into business terms is crucial. Lastly, cultivate a strong network. Sharing knowledge is just as valuable as gaining it.
What role do you see platforms like Vulnerable U playing in the broader effort to build a more secure internet? Are there any future developments or goals you’re particularly excited about?
Platforms like Vulnerable U amplify conversations that often get sidelined — human resilience, mental health, and transparent communication in cybersecurity. We’re working toward building a connected community that supports both technical and personal development. I’m excited about expanding our reach through live events, deeper investigative stories, and more collaborations that push the industry forward while keeping humanity at its core.