Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In December 2020, FireEye disclosed one of the most sophisticated supply chain attacks in history — the SolarWinds breach. Threat actors compromised a trusted software update, slipping past automated defenses at over 18,000 organizations including multiple U.S. government agencies. But here's the detail that gets buried: investigators

Carl B. Johnson Apr 02, 2021 7 min read
Cybersecurity Training

How to Train Employees on Cybersecurity That Sticks

In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on an update server — a detail that surfaced during Congressional hearings about one of the most devastating supply chain attacks in history. Thousands of organizations, including multiple U.S. government agencies, were compromised. The root cause wasn&

Carl B. Johnson Apr 02, 2021 7 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

One Month Won't Save You — But It Can Start Something That Does In October 2020, during Cybersecurity Awareness Month, a major hospital chain — Universal Health Services — was fighting off one of the largest ransomware attacks in U.S. healthcare history. The Ryuk ransomware hit over 400 facilities. Staff

Carl B. Johnson Apr 02, 2021 6 min read
Shadow IT Risks

Shadow IT Risks: The Hidden Threat Draining Your Budget

Your Employees Already Built a Second IT Department A marketing manager signs up for an AI writing tool using her corporate email. A sales rep stores client contracts in a personal Dropbox. An engineering team spins up an AWS instance without telling anyone. None of these people are malicious. Every

Carl B. Johnson Oct 27, 2020 7 min read
Security Awareness Metrics

Security Awareness Metrics That Prove ROI in 2026

When the SEC fined SolarWinds' CISO for misleading investors about cybersecurity practices, it sent a shockwave through every security department in America. The message was unmistakable: vague assurances about security posture aren't enough anymore. Boards, regulators, and cyber insurers now demand evidence. That's why security

Carl B. Johnson Oct 10, 2020 8 min read
Security Awareness Training

How to Measure Security Awareness Training Effectively

Your Training Program Is Worthless Without Proof In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to the help desk. The company almost certainly had a security awareness program in place. So did Caesars Entertainment, which paid a

Carl B. Johnson Oct 02, 2020 7 min read