Tag

Cybersecurity Training

Covers cybersecurity training programs, techniques, and best practices designed to equip employees and individuals with the skills to recognize and respond to cyber threats. Topics include security awareness curricula, simulation exercises, and measuring training effectiveness.

posts

Social Engineering Attacks

Social Engineering Attacks: What Actually Works in 2021

The Phone Call That Cost One Company $75 Million In 2020, a teenager orchestrated one of the most high-profile social engineering attacks in history. He called Twitter employees, posed as IT staff, and convinced them to hand over credentials to internal tools. Within hours, he'd hijacked accounts belonging

Carl B. Johnson Apr 12, 2021 7 min read
Social Engineering Examples

Social Engineering Examples: Real Attacks That Worked

In July 2020, a 17-year-old from Florida convinced Twitter employees to hand over internal credentials. Within hours, the accounts of Barack Obama, Elon Musk, Joe Biden, and Apple were all posting Bitcoin scam messages. The attacker didn't exploit a software vulnerability. He exploited people. These social engineering examples

Carl B. Johnson Apr 12, 2021 6 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams That Bypass Security

In 2020, a teenager and two accomplices convinced a Twitter employee they were from the company's IT department. That single phone call gave them access to internal tools, which they used to hijack 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — netting over $100,

Carl B. Johnson Apr 12, 2021 7 min read
Cybersecurity Training

How to Train Employees on Cybersecurity That Sticks

In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on an update server — a detail that surfaced during Congressional hearings about one of the most devastating supply chain attacks in history. Thousands of organizations, including multiple U.S. government agencies, were compromised. The root cause wasn&

Carl B. Johnson Apr 02, 2021 7 min read
Password Security

Password Security Best Practices That Actually Work

The Breach That Started With a Single Reused Password In December 2020, the SolarWinds breach dominated every security headline on the planet. But while the world fixated on nation-state threat actors and supply chain attacks, I kept thinking about a detail that emerged early: a SolarWinds intern had reportedly set

Carl B. Johnson Jan 14, 2021 7 min read
Cybersecurity Glossary

Cybersecurity Glossary for Beginners: 40+ Terms

When the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast in 2021, news anchors stumbled over terms like "ransomware," "threat actor," and "zero trust." Millions of people realized they didn't have the vocabulary to understand the

Carl B. Johnson May 11, 2020 8 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A Practical Guide

When the Colonial Pipeline attack shut down fuel distribution across the Eastern United States in 2021, news anchors stumbled over words like "ransomware," "threat actor," and "zero trust." Millions of people realized they didn't speak the language of cybersecurity — and that ignorance

Carl B. Johnson May 08, 2020 7 min read
Adware vs Spyware

Adware vs Spyware: What Security Teams Must Know

In 2023, a seemingly harmless browser extension called "PDF Toolbox" was downloaded over two million times from the Chrome Web Store before researchers at Palant discovered it was quietly injecting tracking code and redirecting ad revenue — a textbook adware operation that crossed hard into spyware territory. That single

Carl B. Johnson May 08, 2020 7 min read
Cross-Site Scripting

Cross-Site Scripting Explained: A Real-World Guide

The Attack That Hides in Plain Sight on Your Website In 2018, British Airways disclosed a breach that compromised the personal and financial data of roughly 380,000 customers. The attack vector? A modified JavaScript injected into the airline's payment page — a textbook cross-site scripting attack that skimmed

Carl B. Johnson Mar 04, 2020 7 min read
Phishing Awareness

How to Spot a Phishing Email: 9 Red Flags to Catch

The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of phishing — accounted for over $2.9 billion in adjusted losses. That's not a typo. Billions. And it all starts with a

Carl B. Johnson Mar 04, 2020 7 min read