Thinking Security Works
Hi, I'm Richard Kranendonk
I help organizations think more clearly about security. Not just comply with it — understand it, manage it, and make it part of how they work.

Security only works when the people running the business understand it and own it. Everything I do is built around that idea.
Managing Security
When security becomes a leadership problem
Recent regulations have made information security a personal responsibility of the CEO. This has uncovered the gap between creating security and managing technology.

I work with organizational leadership to close that gap. A typical engagement runs a few days per month — management workshops, setting up and guiding an internal programme, and regular 1:1s to keep you in control.

Booking.com, Roche, and Ultimaker are among the organisations I have worked with.

If this sounds like your situation, let's talk.
Team level risk management
The Canvas Method
Security culture doesn't come from policies. It comes from conversations — structured, recurring conversations between teams about the risks they actually face and the controls that make sense for their work.

The Canvas Method is a practical framework for risk management at team level. It actively involves teams in identifying and treating risks, building the security awareness and ownership that NIS2, ISO 27001, and similar frameworks require.
Self-service ISO 27001 certification
ISO27DIY
ISO 27001 certification is increasingly becoming a requirement for doing business — but you don't necessarily need a consultant to get certified.

ISO27DIY is built for small and mid-sized companies that want to get certified independently, with the right guidance and tools to do it properly.
About me
I've spent 25 years at the intersection of IT, security, privacy, and management.

My background is in organizational psychology, which shapes how I approach security — not as a technical problem to be solved, but as a management challenge that requires people, structure, and culture to move together. That perspective has informed everything I've built and done since.

Earlier in my career I founded Rent-a-DPO, one of the first privacy advisory services in the Netherlands, and developed Pragmatic Privacy — a practical approach to privacy management for organisations navigating the early days of GDPR. The Canvas Method for Information Security and ISO27DIY grew from the same instinct: that compliance frameworks are only useful if the people running the business can actually work with them.

I hold certifications in information security (CISSP), privacy law (ECPC-B, BC 5701), programme management (MSP), and ISO 27001 Lead Auditing. These matter less as credentials and more as evidence that I can navigate the full landscape my clients operate in.

My clients have included Booking.com, Roche, and Ultimaker.
© 2026 Richard Kranendonk / Thinking Security Works

