Tag

Cybersecurity Training

Covers cybersecurity training programs, techniques, and best practices designed to equip employees and individuals with the skills to recognize and respond to cyber threats. Topics include security awareness curricula, simulation exercises, and measuring training effectiveness.

posts

Shadow IT Risks

Shadow IT Risks: The Invisible Threat Draining Your Budget

A Marketing Team's Slack Alternative Nearly Took Down an Entire Hospital Network In 2023, a regional healthcare system discovered that its marketing department had been using an unapproved messaging platform for over 14 months. Nobody in IT knew. The platform stored patient-adjacent data with no encryption, no access

Carl B. Johnson Apr 16, 2026 5 min read
Cybersecurity Training

How to Train Employees on Cybersecurity in 2026

The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered an IT help desk employee with a phone call that lasted about ten minutes. The attacker didn't exploit a zero-day vulnerability. They didn&

Carl B. Johnson Apr 11, 2026 5 min read
Social Engineering Examples

Social Engineering Examples: 7 Real Attacks That Worked

In September 2022, a teenager allegedly convinced an Uber employee to hand over access credentials through a simple text message. No zero-day exploit. No sophisticated malware. Just a convincing story and a target who didn't verify the request. That single social engineering attack gave the threat actor access

Carl B. Johnson Apr 06, 2026 5 min read
Social Engineering Examples

Social Engineering Examples That Fool Even Experts

The Phone Call That Cost MGM Resorts $100 Million In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced the technician to reset credentials. That single phone call triggered a ransomware attack that disrupted operations across Las Vegas

Carl B. Johnson Apr 04, 2026 5 min read
Phishing Training for Employees

Phishing Training for Employees: What Actually Works

The Click That Cost One Company $47 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a social engineering phone call that led to credential theft and a devastating ransomware attack. The estimated cost exceeded $100 million. The attack vector? A

Carl B. Johnson Apr 02, 2026 5 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A Practical Guide

Last year, a hospital administrator told me she ignored an alert about a credential stuffing attack because she didn't know what that phrase meant. Three days later, her organization was dealing with a ransomware incident that shut down patient scheduling for two weeks. The jargon gap in cybersecurity

Carl B. Johnson Mar 31, 2026 5 min read
Cybersecurity Awareness Quiz

Cybersecurity Awareness Quiz: Test Your Team Now

93% of Breaches Start With a Person, Not a Firewall In 2023, Verizon's Data Breach Investigations Report confirmed what security professionals have been screaming about for years: the human element was involved in 74% of all breaches. By 2024, that figure remained stubbornly high. A cybersecurity awareness quiz

Carl B. Johnson Mar 28, 2026 5 min read
Phish Tour

Phish Tour: A Guided Walk Through Modern Attacks

Welcome to the Phish Tour Nobody Asked For In March 2025, a finance employee at a mid-size manufacturing firm received a Microsoft Teams message from someone impersonating the CFO. The message included a link to a SharePoint page that looked flawless. Within 90 seconds, the employee entered their credentials. Within

Carl B. Johnson Jan 18, 2026 7 min read
Phishing

Definition of a Phishing Attack: What It Really Looks Like

The MGM Breach Started With a Single Phone Call In September 2023, a threat actor called the MGM Resorts help desk, pretended to be an employee, and talked their way into a credential reset. Within hours, the Scattered Spider group had deep access to MGM's systems. The result:

Carl B. Johnson Jan 17, 2026 7 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In May 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of fake mail — accounted for over $2.9 billion in adjusted losses in 2023 alone. That number has only grown. I've personally worked cases where a single convincing email

Carl B. Johnson Dec 27, 2025 7 min read