Security expertise, delivered differently
Vulnerable U was built by security practitioners who got tired of watching organizations struggle with the same problems—training that nobody remembers and board communication that doesn't land. We decided to fix it.
Built by someone who's been there
Matt Johansen has spent over 15 years in cybersecurity—from hands-on penetration testing to leading security programs at companies you've heard of. He's presented to more boards than he can count and watched thousands of employees click through training without learning a thing.
Before starting Vulnerable U, Matt was the Director of Security at major tech companies where he built security programs from the ground up. He's spoken at DEF CON, Black Hat, RSA, and dozens of other conferences. He writes the popular Vulnerable U newsletter, read by tens of thousands of security professionals.
Matt started Vulnerable U because he kept seeing the same patterns: security teams working hard but struggling to communicate with the rest of the organization. The tools available were either too technical, too expensive, or just plain ineffective.
Making security communication actually work
We believe security isn't just about technology—it's about people understanding risk and making good decisions. Our mission is to bridge the gap between security teams and everyone else.
Clarity over complexity
Security doesn't have to be confusing. We translate technical concepts into language that anyone can understand and act on.
Respect people's time
Nobody has time to waste on ineffective training or endless reports. We deliver what matters, when it matters, in the format that works.
Real-world relevance
Everything we create is based on actual threats and real incidents. No hypothetical scenarios or outdated examples.
Credibility you can trust
In security, who's delivering the message matters as much as the message itself. Here's why organizations trust Vulnerable U.
Proven expertise
Our team has worked in security roles at Fortune 500 companies and fast-growing startups. We've built and led security programs, not just advised on them.
Industry voice
We're active contributors to the security community through conference talks, the Vulnerable U newsletter, and open-source projects. We don't just sell—we share.
Current intelligence
Our content is based on what's happening now, not what happened five years ago. We stay plugged into the threat landscape so you don't have to.
Practitioner mindset
We understand the challenges security teams face because we've lived them. Our products are built to solve real problems, not create new ones.
Ready to work with us?
Whether you need better security training, board-ready briefs, or both—we're here to help. Let's talk about how Vulnerable U can support your organization.