Building SafeHabits.eu from Czechia
Hi r/Startups_EU,
Solo founder here, building SafeHabits (safehabits.eu) alongside a full-time role as security engineer.
The problem I'm trying to solve:
In IT risk management practice, companies focus mostly on technical controls. But 60%+ of security incidents are human-related. At the same time, companies only train people annually to check a compliance box. This training is usually a boring necessary evil: an LMS that people don't enjoy and try to click through as fast as possible. So there's no clue whether the training actually had any effect on the security posture of the company.
What I'm trying to do:
Build habit-based, Duolingo-style training that lets employees learn and internalize best practices in a non-invasive way. The data then surfaces the effectiveness of the training, identifies human risk patterns, and lets the company connect human risk management to IT risk management. For example: where to strengthen controls based on identified weak points, or where to better train people or clarify internal processes (e.g., incident response). The final byproducts are auditable artifacts that map to NIS2, ISO 27001, and SOC 2, plus a stronger sense of security ownership across the company (security culture building).
Any comments or critiques would be really appreciated. I’d also be glad to connect with founders working on security, compliance, or similar problems!