Fellowmind X SoSafe: Transforming people-first principles into real, measurable security change

Founded in 2019 in the Netherlands, Fellowmind quickly grew into a digital transformation leader and full-service Microsoft partner, with over 2,000 professionals across five European countries. They help organisations in manufacturing, energy, and retail optimise operations, improve customer experiences, and future-proof their businesses using Microsoft Dynamics 365, cloud, and data solutions.

At Fellowmind, people come first. Their belief is simple yet profound: when individuals are empowered to bring their talents forward, both businesses and society thrive.

Roald Roos, Fellowmind’s CISO, leads the information security function across the organisation, orchestrating regional efforts and embedding a culture of security awareness across their fast-growing footprint.

When cybersecurity became too complex for separate tools to manage, Fellowmind turned to SoSafe, a partner that shares their human-first values. The goal was to build a risk-resilient organisation—driving engagement, improving security metrics, and creating a future-proof security culture.

Moving beyond fragmented tools to build real security habits

As Fellowmind expanded across Europe, Roald Roos quickly saw a puzzle forming: each region approached security differently. In Scandinavia, employees embraced IT tools with curious minds. In Poland, stricter controls and lower curiosity persisted. The challenge? To build one strong, cohesive security culture across many different starting points.

Meanwhile, the threat landscape was evolving. Cyberattacks, once easy to spot by broken translations and clumsy language, had developed into sophisticated, almost invisible threats.

“In the past, phishing campaigns were easy to spot—the language was poor, and translations were often awkward. But that’s no longer the case. Today, these attacks are much more sophisticated and harder to detect,” he explains. “It’s no longer a question of if you’ll be targeted by a phishing email—it’s a matter of when. That’s why education is critical. AI may empower attackers, but it can also empower us—the good guys—by enabling smarter, behaviour-based training and detection strategies.”

At the same time, Roald’s team was racing towards ISO certification, amplifying the need to streamline security efforts. Managing phishing simulations and e-learning separately slowed down security efforts across the organisation.

“Having separate solutions made it difficult to manage campaigns effectively. We needed a unified system to streamline processes, ensure compliance, and foster employee engagement,” says Roald Roos.

After seeing first-hand how messy separate tools could become, he knew a unified platform was the way forward. “Having one solution improved our efficiency by at least 30% and made the technical setup simpler,” he says.

And outside the company, a different kind of pressure was building; customers were asking tougher questions around NIS2 compliance.

If Fellowmind wanted real, lasting change, training couldn’t just be informative—it had to be engaging, easy to manage, and work across every country.

With clearer goals, a new system, and the urgency of the moment, Fellowmind was set to shift security awareness from disconnected actions to a culture that could take root and strengthen over time.

Compliance as the baseline, readiness as the goal

Roald introduced SoSafe across Fellowmind’s countries and played an active role in the rollout, managing everything across seven tenants within a single environment to simplify oversight. To boost engagement, he planned to add a layer of gamification through friendly competition between regions.

Fellowmind brings structured security awareness to all regions with SoSafe

Fellowmind implemented SoSafe’s integrated phishing and e-learning solutions to efficiently manage security awareness and meet compliance needs across multiple frameworks. Their approach focuses on:

• Phishing simulations to help employees build stronger habits by recognising threats early.
• E-learning modules to deliver continuous, engaging training adapted to real-world risks. Fellowmind rolls out one training module each month to steadily build awareness, and Roald notes that compared to previous providers, SoSafe has made his team about 30% more efficient.
• Gamification to drive higher engagement through quizzes, challenges, and friendly competition.

Making compliance part of everyday work

While frameworks like ISO 27001 set important standards, Fellowmind’s security goals went deeper than simply meeting audit requirements. Protecting customer data and reducing real-world risks was the true driver behind their compliance efforts.

To support their strategy, Fellowmind uses SoSafe across three key areas:

• ISO 27001 certification: Fellowmind uses SoSafe’s E-learning platform to deliver continuous security awareness training, as mandated by the framework. Roald’s team also leverages the ISO Reporting Tool to track participation and demonstrate compliance to auditors.
• NIS2 readiness: In preparation for the new directive, Fellowmind deployed SoSafe’s Cyber Security for Managers lessons. This role-based training ensures executives and managers understand their responsibilities around risk management, incident response, and direct accountability.
• GDPR compliance: Fellowmind uses SoSafe’s Data Privacy lessons to educate employees on safeguarding personal information, helping to strengthen their overall compliance posture and protect customer trust.

“While compliance is crucial, our focus goes beyond just ticking the boxes. SoSafe, with its ISO Reporting Tool, not only helps us meet compliance requirements but also allows us to manage real risks, secure customer data, and foster a security culture that mitigates human risk—something far more impactful than simply passing audits.”

Beyond the platforms and training, Fellowmind’s success was also built on strong partnership. Roald shared how the SoSafe Customer Success team—whom he referred to as “consultants”—supported them at every step.

“SoSafe helped a lot with implementation, from user management to whitelisting, to creating templates and providing regular advice on running campaigns,” Roos shared.

While other vendors were considered during evaluation, Roald noted that SoSafe’s behavioural science-driven, gamified content ultimately proved the better fit for driving real adoption across the business.

“The combination of phishing simulations, personalised learning, and gamification has increased engagement across the team and ensured we are compliant with key frameworks like NIS2, GDPR, and ISO,” says Roald Roos, CISO, Fellowmind.

Building a security culture you can see, measure and trust

Today, Fellowmind’s security culture doesn’t live in policy binders. It shows up in daily choices, small habits, and proud moments of “I spotted that phishing email!”

“Our click rates have dropped significantly, and employees are actively engaging with the training. With SoSafe’s help, we’re building a proactive security culture while staying on track for compliance with key regulations,” said Roald.

Using SoSafe Analytics, Fellowmind tracks results by country and tailors their approach based on real data. Roald sees signs of progress everywhere, and the results speak for themselves:

• In some markets where the company operates, click rates on simulated phishing emails have dropped as low as 3.5%, far below industry averages.
• Users average a training score of 97%, demonstrating strong awareness levels.
• Phishing interactions have fallen by 74%.

Looking ahead, Roald sees Personalised Learning as the next leap forward: “As people don’t want to repeat the same content every year, personalised training—based on answering a few questions and reflecting their role—will be very helpful for adoption,” Roos explained.

Roald’s appreciation for expert-crafted and engaging lessons remains clear: “I could stand behind the desk and preach about security culture, but having experts create lessons and templates is extremely beneficial. It would take us a lot of time to develop the materials ourselves, and the quality wouldn’t come close to what SoSafe offers with gamification, quizzes, and videos,” he added.

And behind it all, Roald never forgets where the real line of defence lies: “Between the screen and keyboard is your strongest link—the human—and almost every attack can start or finish there,” Roald emphasised. “People need to be aware of how to behave in case of a real incident, so a risk management process is crucial, as well as increasing the overall security culture.”

“SoSafe has been our catalyst for lasting security behaviour change—building awareness, tailoring training, and guiding us every step of the way,” he concluded. “The hands-on support we’ve received has been invaluable in guiding us through every step of the process. SoSafe’s tailored training and analytics have been key in helping us achieve lasting change.”

SoSafe’s Behavioural Security Awareness Platform integrates phishing simulations, personalised e-learning, gamified content, and real-time analytics to help organisations build lasting security habits, foster a proactive security culture, and meet regulatory compliance standards.

When Fellowmind needed to unify its diverse teams under one strong security culture, they found a partner in SoSafe. For them, building real security meant changing everyday habits; not just passing audits. Their experience is a reminder that the real risk isn’t the next attack—it’s whether people are ready for it.