At revel8, we believe security starts with people. And the individuals who truly make organizations safer deserve the spotlight. One of those people is Dr. Peter Dornheim - CISO at STIHL, cybersecurity culture researcher, and one of Europe’s clearest voices for human-centric security.
With over 15 years of experience, a freshly minted PhD, and a résumé that spans Daimler, SAP, Festo, and now STIHL, Peter blends academic rigor with real-world leadership. But what truly sets him apart is his mission: to move cybersecurity out of the server room and into the culture of the organization.
We spoke to Peter about what drives him, what keeps him up at night, and what he’s learned from building a security mindset across thousands of employees.
“I didn’t fall into it - I slowly progressed towards it. For me, security has always been about more than just technology. I really wanted to understand how organizations change, how people learn, and how to embed security in daily behaviour. This is why I took on a PhD on cybersecurity culture in addition to my regular CISO position. During several roles in IT security teams of large organizations like SAP or Stihl, I learned that I am very interested in managing IT security as a whole. For me, a secure IT infrastructure goes hand in hand with a functioning cybersecurity culture.”
“It’s not one single attack type - it’s negligence. When people think security is ‘someone else’s job,’ when awareness becomes just another checkbox, or when we rely too much on tools without building the right mindset. We don’t need fear - but we do need a living, breathing security culture. That’s where I focus my energy.”
“No two days are the same and I love that. I switch between C-suite strategy, crisis exercises, compliance management, and hands-on workshops with my team. I’m also a cybersecurity lecturer at DHBW. What matters most to me is staying connected: to the people, the pulse, the pressure. Security shouldn’t live in a silo - it needs to be in the room where decisions happen.”
“Awareness isn’t something you teach once, it’s something you co-create over time”
- Dr. Peter Dornheim, CISO Stihl AG
“That awareness doesn’t come from telling people what not to do or writing policies but from helping them see why it matters. One breakthrough came when we started collecting everyday security stories from our employees. Suddenly, people felt seen - and the concept of security became personal. Culture isn’t enforced. It’s built.”
“The rise of cybersecurity culture as a strategic priority. Finally. More CISOs are realizing that technology isn’t enough without trust, clarity, and strong leadership values. Yes, AI is a hot topic - and it’s useful - but only when it empowers humans, not replaces them. Human-centric security will be the operating system of the next decade.”
“Don’t just raise awareness - spark a dialogue. Awareness isn’t a one-off training or a poster on the wall. It has to live in the flow of work. What’s worked for us is shifting from generic advice to realistic simulations that mirror threats employees actually face on a day-to-day basis. When people experience cyberthreats firsthand and start discussing it, that’s when it really clicks for them.”
“Probably that I enjoy diving deep into academic research but only if I can connect it to practice. I like challenging ideas and turning them into tangible outcomes. That’s why I’m passionate about real-time learning formats. An attack simulation is more than a test - it’s an opportunity to reflect, adapt, and grow. When we give employees space to learn in the moment, we’re not just informing them. We're empowering them to become part of the security story.”