What happened
Fable Security appointed Jacob Berry as its Chief Information Security Officer (CISO).
Berry joins the company with 18 years of experience across technology and cybersecurity. His background includes incident response, cyber operations, governance, compliance, and broader security program leadership.
Fable Security is a secure behavior management platform focused on reducing cybersecurity threats caused by employee behavior. In his new role, Berry will support customers as they address risky employee behavior and security habits, while also helping ensure Fable Security continues building a secure and effective platform.
Berry said most initial access comes from employees with good intent making mistakes, choosing convenience and speed, or misjudging risk rather than acting maliciously. He described secure behavior as both a psychological and behavioral problem.
Fable Security CEO Nicole Jiang said Berry brings experience helping organizations solve complex security challenges and shares the company’s view that secure behavior management is one of the most critical issues for security teams.
The company said secure behavior remains a major cybersecurity challenge, with roughly two-thirds of successful breaches originating from human error. It also warned that employees are increasingly targeted by personalized phishing, impersonation, and other social engineering attacks as threats become more sophisticated and AI-driven.
Fable Security said traditional security training cannot keep pace with rapidly evolving threats. Its platform uses AI and behavioral science to identify behavioral risk in real time and deliver targeted interventions that help change security habits and reduce human-driven risk.
Who is affected
Fable Security customers, employees, partners, and security stakeholders are affected by the appointment.
The appointment is especially relevant to organizations using or evaluating Fable Security for secure behavior management, human risk reduction, employee security habits, phishing resilience, and social engineering defense.
Security teams working to reduce employee-driven risk may also be affected because Berry’s role will involve helping customers address risky behaviors while supporting the security of Fable’s own platform.
Why CISOs should care
This appointment is notable because human-driven risk remains one of the hardest problems in cybersecurity. Fable Security framed the issue around employees making mistakes, choosing convenience, or misjudging risk, rather than treating employee behavior as purely a training or compliance problem.
For CISOs, the focus on real-time behavioral insight is important. Traditional annual security awareness training may not be enough when attackers use personalized phishing, impersonation, and AI-driven social engineering to target employees in the moment.
Berry’s background across incident response, cyber operations, governance, compliance, and security leadership aligns with the operational challenge of turning behavior management into measurable risk reduction.
The appointment also reflects a broader shift from generic security awareness toward secure behavior management, where companies use AI, data, and behavioral science to identify risky habits and deliver targeted interventions at scale.
3 practical actions
- Measure risky behavior instead of relying only on training completion: Fable Security said traditional security training cannot keep pace with evolving threats. CISOs should track behavior-based indicators such as phishing response patterns, unsafe credential handling, risky application usage, and repeated policy workarounds.
- Use targeted interventions for high-risk employee actions: Fable’s platform is positioned around real-time behavioral insights and personalized interventions. Security teams should move beyond one-size-fits-all awareness content and deliver guidance at the moment risky behavior occurs.
- Treat human risk as part of the security program, not a side campaign: Berry’s role covers both customer support around risky behavior and Fable’s own secure platform development. CISOs should integrate human risk management with incident response, governance, compliance, identity controls, and security operations.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.