Redefining the GRC Function: Leading the Shift Beyond Checkbox Security Training
Security Awareness Training was built for compliance, not resilience, and attackers are exploiting gaps that legacy models were never designed to address. GRC leaders are now expected to demonstrate measurable risk reduction, not just training completion rates.
Dune Security and Alumni Ventures hosted a virtual discussion featuring Dune Security CEO David Dellapelle, alongside Meghan Hunt of The University of Vermont Health Network, Jake Wesenberg of Koch, and Sam Pena of Tetra Tech. The conversation focused on why traditional Security Awareness Training falls short and how GRC teams can close the gap between compliance activity and true resilience.
The session explored how attackers bypass standard training, what user layer risk looks like today, how GRC leaders can shift toward a risk-based strategy, and which metrics truly demonstrate readiness to executives and regulators.
Thank you to everyone who joined us. We look forward to continuing the conversation and partnering with our community to strengthen how organizations manage user cyber risk.


Video Recap
Photo Gallery
Step into the atmosphere of our past event — watch the recap and relive the moments where cybersecurity, innovation, and community came together.

GPSEC® Tysons
Join Dune Security at GPSEC Tysons, a premier cybersecurity conference for enterprise security leaders and practitioners.

Exploring GRC Engineering
Join Dune Security for a virtual webinar exploring the emerging role of GRC Engineering and how organizations are building more resilient, audit ready risk programs through automation and scalable design.

Covering Your Bases: A Security Leader Meetup
An exclusive Fenway Park suite experience for senior security leaders to network with peers and enjoy the Red Sox game, hosted by Dune Security and MassMutual Ventures.
Interested in hosting an event with Dune Security?
