Security is difficult to imagine. Are failures of imagination making you underestimate your risk? We will teach you to understand security as it applies to you and your organization—no matter your level of technical expertise.

a new approach to cybersecurity

security communication

Explain to your managers, your employees, or your board why security matters, and what they should do about it.

  • Communicate security to management, employees, or board members
  • Describe sources of risk to a non-technical audience
  • Advocate for security's role in the organization

Often, organizations miss security threats because people de-prioritizes security, frequently due to failures of imagination. We can help you bridge this gap.

security strategy

Just beginning to assemble a cybersecurity strategy? We can help you understand what you need, so you can focus on your real work.

  • Understand realistic threats, and how to protect against them.
  • Prepare incident response plans
  • Train employees to respond to security issues

You already understand the importance of data protection—we teach you how to execute effective data protection in the face of changing tools.

our perspective

Learn how we think about security and risk.

  • How Can CISOs Talk to Boards?
  • As a CISO, understanding how to communicate with the board can be your greatest asset. Missing the mark can be your greatest weakness. Here are a few common mistakes, and some simple strategies to overcome them.
  • How's Your Security Working, Really?
  • "How can I sabotage my company?" No employee says that. But employees sabotage their company’s security posture more often than you’d think.
  • How to Secure Your Law Firm
  • Though law firms are frequently the target of attacks, few effectively prepare for the threats they face. This piece describes how law firms can imagine incidents, and use them to produce actionable response plans.


Nick has a way of getting everyone involved, of getting us to really think critically... He has a real ability to make us aware of the motivations of others and create a sense of how we're the best people to help protect ourselves. Fantastic.
Ben, A Hundred Monkeys
Nick's rare combination of insight and deviousness makes him especially well-suited to security analysis. He prompts you to ask yourself questions to which you should know the answers, but probably won't have even considered. These issues are universal; Nick will help you identify and confront them with precision and clarity.

Nick Merrill

Nick Merrill (PhD, UC Berkeley) is the founder and managing consultant of Broad Daylight. He spent years developing techniques to help organizations practice cybersecurity effectively. A simple observation motivates him: society needs cybersecurity yesterday, but businesses don't have the tools they need to achieve it.

Outside of security consulting, Nick has authored dozens of academic articles. Nick is a lecturer at the UC Berkeley School of Information and a Postdoctoral Fellow at the UC Berkeley Center for Long-Term Cybersecurity.

contact us