Tag

Employee Cybersecurity Training

Employee cybersecurity training posts help organizations educate their workforce on recognizing threats and following security protocols. Content covers onboarding training modules, role-based instruction, ongoing reinforcement techniques, and methods for reducing human error in security incidents.

posts

Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In May 2024, a single employee at a major healthcare provider clicked a phishing link disguised as a routine benefits update. Within 72 hours, the organization lost access to 14 million patient records and ended up paying a multimillion-dollar ransom. The employee had technically "passed" their annual compliance

Carl B. Johnson Aug 17, 2025 8 min read
Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

The Threat Already Inside Your Firewall In January 2025, a former employee of a U.S. infrastructure firm was charged with attempting to sabotage water treatment systems — months after being terminated. His credentials were never revoked. The damage was caught, but barely. This isn't an edge case. It&

Carl B. Johnson Jun 12, 2025 7 min read
Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

The Breach That Started With a Single Slack Message In September 2022, a threat actor convinced a Uber contractor to approve a multi-factor authentication push notification. That single moment of human failure gave the attacker access to Uber's internal systems, including their Slack workspace, vulnerability reports, and financial

Carl B. Johnson Mar 29, 2025 8 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Is — And Why Your Security Team Needs One In March 2024, a mid-size accounting firm lost $2.1 million after an employee clicked a single phishing email disguised as a DocuSign request during tax season. The firm had no phishing simulation program. No playbook. No plan.

Carl B. Johnson Oct 17, 2024 7 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

In January 2024, a single phishing email led to the breach of roughly 26 billion records in what researchers dubbed the "Mother of All Breaches" — a compilation leak aggregating data from LinkedIn, Twitter, Dropbox, and dozens of other platforms. That staggering number puts something into sharp focus: every

Carl B. Johnson May 02, 2024 7 min read
Social Engineering Attacks

Social Engineering Attacks: How They Actually Work

The Phone Call That Cost One Company $25 Million In early 2024, an employee at British engineering firm Arup joined a video call with what appeared to be the company's chief financial officer and several colleagues. Every face on the screen was a deepfake. The employee, convinced by

Carl B. Johnson Apr 08, 2024 7 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the payment. No malware. No zero-day exploit. Just a well-trained employee who wasn't trained well enough. That incident

Carl B. Johnson Mar 24, 2024 7 min read