Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Password Manager

Why Use a Password Manager: Stop Reusing Passwords

The Breach That Started With One Reused Password In 2023, a single employee at Norton LifeLock's parent company, Gen Digital, reused a personal password across multiple accounts. Attackers used credential stuffing to compromise nearly 925,000 customer accounts. One password. Nearly a million victims. If you've

Carl B. Johnson Jul 02, 2026 5 min read
Types of Malware

Types of Malware: What Every Organization Must Know

In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack opened the door to ransomware that crippled casino floors, hotel check-ins, and digital room keys for days. The attackers didn't use some exotic, never-before-seen weapon. They used well-known types of malware — the same categories

Carl B. Johnson Jul 02, 2026 5 min read
Phishing Awareness Program

Phishing Awareness Program: Build One That Works

The Click That Cost One Company $47 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a single social engineering phone call that led to credential theft. The resulting breach caused an estimated $100 million in damages. And it started with

Carl B. Johnson Jul 01, 2026 5 min read
Remote Work Cybersecurity Tips

Remote Work Cybersecurity Tips That Actually Work

Your Home Office Is Now the Attack Surface In 2023, a single remote employee at MGM Resorts answered a social engineering call from a threat actor impersonating IT support. That one interaction led to a ransomware attack that cost the company over $100 million in losses. The attacker didn'

Carl B. Johnson Jul 01, 2026 5 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

A Single Email Cost This Company $121 Million In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $121 million from Google and Facebook. His weapon wasn't malware. It wasn't a zero-day exploit. It was phishing — forged emails impersonating a legitimate hardware vendor,

Carl B. Johnson Jun 29, 2026 6 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Actually Means for Your Security Team When the band Phish takes the stage, they never play the same setlist twice. Every show is crafted for the audience. Your phishing simulation program should work the same way. A phish setlist — a curated, rotating collection of phishing attack

Carl B. Johnson Jun 28, 2026 5 min read