Inside the episode: What I learned from speaking with Stefano Mazzucco
I recently had the pleasure of sitting down with Stefano Mazzucco, the security team lead at Mindera, for an episode of our Communicating Cyber series. Our conversation covered a lot of ground, moving from the intricacies of distributed systems to the deeply human elements of trust and psychological safety.
Stefano’s perspective is particularly fascinating because he operates in an environment that completely flips the traditional corporate structure on its head. Hearing how cyber security functions in a company with no bosses was a brilliant reminder that when we strip away the heavy policies and hierarchies, our work ultimately comes down to how well we communicate with each other.
Here are a few of my reflections from our chat.
A non-linear path to cyber security
Stefano’s journey into cyber security was anything but typical. He started out studying physics in Italy, followed by a stint in France researching nanotechnology as a postdoc, and then moved to the US to continue his work in nanoscience. It sounds worlds away from what we do, but he pointed out some incredibly valuable transferable skills.
‘What I really learned was learning how to learn,’ Stefano told me. ‘We had to solve problems, figure things out that nobody had figured out before, and build things that did not exist.’ That innate curiosity gave him a massive head start when it came to the discovery and problem-solving aspects of cyber security.
Eventually wanting to move closer to home, he transitioned out of academia and into software engineering. He worked on distributed systems for content delivery networks, where security was a massive priority, and later joined a health data startup as their first employee. Dealing with highly sensitive health information meant he had to learn how to protect, anonymise, and encrypt data on the fly. He quickly learned that ensuring resilience and building secure systems from the ground up requires a deep understanding of complex, interconnected parts.
Navigating a teal organisation
After working in everything from three-person agile startups to large, traditional corporations spread across the globe, Stefano landed at Mindera. Mindera is what is known as a teal organisation, which essentially means they operate on a self-organisation model.
For a company of around 1,200 people spread across four continents, this is quite a radical approach. As Stefano explained, they completely do away with the traditional hierarchy. There is no CEO, CTO, or CISO issuing directives from the top down. Instead, each team is autonomous, though not independent, so they work aligned to fulfil the business needs.
If you have a problem, you do not escalate it to a manager. ‘If I have a problem, I don’t go to my boss because I don’t have a boss,’ Stefano shared. ‘I need to figure out who is the best person to talk to, contact them, speak with them, and coordinate if there are actions that need to be carried out.’ It requires a tremendous amount of communication, openness, and trust.
Security without the stick
In traditional environments, cyber security often relies on a command-and-control structure. We write the policies, we tell people what they can and cannot do, and we use line management to enforce those rules. I was genuinely curious about how Stefano manages alignment and accountability without those formal levers to pull.
He explained that at Mindera, personal responsibility is a very strong feeling that each person has. When someone joins the company, they are told clearly how things operate. The environment demands self-starters who are comfortable navigating a bit of ambiguity.
Because the security team cannot simply dictate terms, they have to collaborate. Stefano views his role not as an enforcer, but as a coordinator and an advisor. The team engages directly with developers and business owners, doing risk-based analyses and explaining the cost-benefit of security decisions. If a team is building something and security sees a flaw, they sit down and discuss it like adults, figuring out the risks together and deciding on the best path forward.
Building trust and psychological safety
Perhaps the most impactful part of our conversation was discussing how a ‘teal’ organisation handles mistakes. We all know that human error is inevitable, but how leadership responds to it dictates the entire security culture of a business.
Stefano noted that their approach is always to start from a principle that there is no ill intent behind what someone said or did. This creates an incredible foundation of psychological safety, and he mentioned the example of developers needing administrative rights on their machines. Mindera’s approach is to grant those rights with the mindset of ‘this is your laptop, get things done’.
When something goes wrong, like a misconfiguration or a clicked phishing link, the reaction is entirely constructive. If a developer makes a mistake, they come forward immediately because they know they will not be punished. The security team steps in to help sort it out. ‘Our approach is what happened, how did it happen,’ Stefano said, ‘and this makes us an organisation trusting its employees and making them feel safe.’
Hearing Stefano describe this dynamic was a breath of fresh air. It proves that you do not need an iron fist to run a secure organisation. By treating people with respect, fostering genuine psychological safety, and communicating openly, you can build a culture where security is a shared, deeply felt responsibility.
