Tag

Phishing Simulation

Learn how phishing simulations help organizations measure employee susceptibility to email-based attacks. Articles cover simulation design, realistic phishing templates, campaign scheduling, result analysis, and strategies for turning simulation data into stronger security behaviors.

posts

Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

The Threat Already Inside Your Firewall In January 2025, a former employee of a U.S. infrastructure firm was charged with attempting to sabotage water treatment systems — months after being terminated. His credentials were never revoked. The damage was caught, but barely. This isn't an edge case. It&

Carl B. Johnson Jun 12, 2025 7 min read
Cybersecurity Training Compliance

Cybersecurity Training Compliance: What Regulators Want

In October 2024, the FTC finalized a settlement with Marriott International and its subsidiary Starwood Hotels over data breaches that exposed the personal information of 344 million customers. Among the FTC's requirements: Marriott had to implement a comprehensive information security program — including mandatory employee training. That wasn'

Carl B. Johnson May 10, 2025 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical 2025 Guide

The Snowflake Breach Changed How I Think About Cloud Risk In mid-2024, threat actors compromised over 165 organizations by exploiting stolen credentials against Snowflake cloud accounts that lacked multi-factor authentication. Ticketmaster, AT&T, Santander — massive names, massive data losses. The root cause wasn't some exotic zero-day. It

Carl B. Johnson Apr 22, 2025 7 min read
Security Awareness Metrics

Security Awareness Metrics That Actually Prove ROI

In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest ever recorded. That same report found that organizations with security awareness training programs saved an average of $258,629 per breach compared to those without. Yet when

Carl B. Johnson Mar 29, 2025 8 min read
Security Awareness Training

How to Measure Security Awareness Training Effectively

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered the company's IT help desk with a single phone call. The attackers didn't exploit a zero-day vulnerability. They exploited a person. That incident should make every security leader ask a blunt question:

Carl B. Johnson Mar 29, 2025 7 min read
Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $4.88 Million Problem With a Training-Shaped Solution IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest figure ever recorded. Meanwhile, the average investment in security awareness training per employee sits somewhere between $15 and $50

Carl B. Johnson Mar 25, 2025 7 min read