
Security as an innovation enabler: rethinking the CISO role

The modern CISO is becoming a Chief Innovation and Security Officer. Here is how a security team can keep the bar high and still help everyone else move faster.

Tags: Leadership, Security, Innovation, AI Governance, Miro, Amazon

Spring is event season in Stockholm. Almost every afternoon there is a conference or a hackathon or a meetup, and most evenings you can find an afterwork too. It is a good time to learn and to meet people you would not otherwise cross paths with.

Last week I went to Miro's Midsommar Drinks, an evening built around the theme of team AI-amplification. Two founders whose companies Miro later acquired spoke: Jakob Knutzen of Butter and Florian van Schreven of Uizard. Leaders from H&M and Postnord talked about how Miro and its AI capabilities help them innovate faster. The part that stayed with me, though, was the session Mark Strande ran. Strande is Miro's CISO, and we share a lot of perspective. That includes innovation principles he carried out of his time at Klarna, which map closely onto the Amazon Working Backwards method I have written about in how Working Backwards transforms an innovation engine.

His most interesting point was how he now reads his own title. He describes the modern CISO as a Chief Innovation and Security Officer. The question he keeps asking himself and his team is how to make every other team able to move and build faster, rather than how to lock things down. He models the behaviour himself by experimenting and shipping prototypes that speed up the solutions his organisation needs.

That is a real shift, and it connects to one of the Amazon leadership principles I return to often: Insist on the Highest Standards. The principle reads:

Leaders have relentlessly high standards - many people may think these standards are unreasonably high. Leaders are continually raising the bar and drive their teams to deliver high quality products, services, and processes. Leaders ensure that defects do not get sent down the line and that problems are fixed so they stay fixed.

I have written before about what this principle asks when AI multiplies how much a team can produce. That earlier piece was about output volume and verification. The Miro conversation pointed me at a different edge of the same idea. The line about delivering high quality work is exactly the mandate a security team needs to enable fast and safe innovation, rather than to act as the brake on it.

How a security team enables velocity

Miro works with a lot of enterprise and public sector customers, so its security bar has to be high. That is the interesting constraint. The easy version of security is to add a gate and call the risk managed. The harder and more useful version keeps the bar high while helping everyone else go faster. I have used Miro with customers for a while, and I have watched their pace of innovation grow even as they add more AI capability. I mentioned Miro AI back in November 2025, and after this conversation I understand better how they keep shipping it without lowering their standards.

The mental model that helps here comes from Sounil Yu at JupiterOne, where he is CISO and head of research. He has a clean way to frame the job. A security function can reduce a vulnerability so the weakness is gone. It can reduce a threat so the attacker never gets the chance. Or it can reduce the impact, so that when an incident happens anyway, it stays small. For years the focus sat almost entirely on the first two. His argument is that the real opportunity now is in reducing impact. His metaphor is the one I keep repeating to leaders. You do not make a car safe by bolting more locks onto it. You make it safe by giving it good brakes, so people can drive it fast.

He goes a step further and brings innovation methods into security itself. He applies Systematic Inventive Thinking (SIT) to security problems, using moves like subtraction and multiplication to find options that are not obvious from inside the usual playbook. I enjoyed that part, because SIT has been in my own innovation toolbox for years, and it is rare to hear a security leader reach for it.

The same change is reaching software engineers

Security is one example of a function that has to rethink its job as the cost of building drops. The same question is now in front of experienced software engineers, whose role shifts from writing most of the code to holding the quality bar while far more code gets produced around them. It is also in front of executives who are starting to build things themselves. I go deeper into that side of the story in this issue's piece on executives and vibe coding. The pattern there is the one Mark described. You keep the standard while changing how you enforce it, so more people can build.

What ties these together is a move away from inspecting everything by hand, towards mechanisms that hold the line at speed. A security leader who insists on reviewing every change personally becomes the bottleneck the moment the organisation can build ten times faster. The leader who has built good guardrails and fast recovery can say yes far more often without lowering the bar.

Your action step

If you are responsible for security, pick one mechanism this quarter that you can redesign around reducing impact rather than only reducing vulnerability. Something like a blast radius limit or a fast rollback path lets a team move quickly while keeping the downside small. Choose one, and make it the thing that finally lets a team ship something they were previously blocked on.

If you are a CEO or a functional leader who needs your CISO to act more like an innovation enabler, open the conversation directly. Ask them what they would need to say yes faster, and offer to run a joint security and innovation workshop or hackathon to try a few enabling technologies together. The goal is a shared scoreboard where security and speed count as one outcome, instead of two teams negotiating against each other.

If your security and innovation functions are still pulling in opposite directions, that is a conversation I have often with leadership teams in AI strategy advisory engagements, and one I bring to conference stages and offsites as a keynote speaker across Europe.

Frequently Asked Questions

What does it mean for security to be an innovation enabler?

It means the security function measures itself by how fast and safely the rest of the organisation can build, not only by how many risks it blocks. A security leader acting as an enabler designs mechanisms that let teams ship quickly while keeping the downside of any incident small.

How does Insist on the Highest Standards apply to security teams?

The principle asks leaders to deliver high quality work and to keep defects from being sent down the line. For security teams that means building guardrails that hold the quality bar while raising the pace of innovation, rather than slowing delivery down to feel safe.

What is the difference between reducing vulnerability and reducing impact?

Reducing vulnerability and threat tries to stop incidents from ever happening. Reducing impact accepts that some incidents will occur and limits how much damage they can do, through measures like blast radius limits and fast rollback. The second approach lets teams move faster because the cost of being wrong is contained.

Originally published in Think Big Newsletter #34 on Amir Elion's Think Big Newsletter.
