Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

Web Security Best Practices

Web Security Best Practices That Actually Stop Breaches

The MOVEit Breach Started With One Overlooked Web Flaw

In 2023, a single SQL injection vulnerability in the MOVEit Transfer web application led to one of the largest mass exploitation events in history. Over 2,600 organizations were compromised. Sensitive data from government agencies, banks, and healthcare providers was exfiltrated

Carl B. Johnson Feb 22, 2019 8 min read

Computer Security Companies

Computer Security Companies: What They Won't Tell You

The Breach That $300K in Security Tools Didn't Stop

In 2023, a mid-sized healthcare firm in the Midwest spent over $300,000 annually on products from multiple computer security companies. Endpoint detection, SIEM, email gateway filtering — the full stack. Then an employee clicked a phishing link inside a

Carl B. Johnson Feb 22, 2019 7 min read

Cyber Security

Cyber Security in 2026: What Actually Stops Breaches

A Single Stolen Password Cost One Company $150 Million

In 2024, Change Healthcare suffered a catastrophic breach that disrupted pharmacy operations across the United States for weeks. The entry point? A compromised credential on a system lacking multi-factor authentication. That single oversight in cyber security led to what UnitedHealth Group

Carl B. Johnson Feb 14, 2019 6 min read

Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — a 22% increase from the year prior. A massive chunk of those incidents started with something deceptively simple: a computer virus delivered through a phishing email, a malicious

Carl B. Johnson Feb 14, 2019 7 min read

Computer Security Service

Computer Security Service: What Actually Works in 2026

The Breach That Started With a "Managed Security" Contract

In 2024, Change Healthcare — a company with dedicated security vendors and enterprise-grade tools — suffered a ransomware attack that disrupted healthcare claims processing across the entire United States. UnitedHealth Group confirmed the breach affected roughly 100 million individuals. The attackers

Carl B. Johnson Feb 14, 2019 7 min read

Computer Security Advice

Computer Security Advice That Actually Works in 2026

The Breach That Started With a Single Reused Password

In January 2024, a midsize accounting firm lost access to every client file it had. A single employee reused their corporate email password on a third-party scheduling app. That app got breached. Within 48 hours, a threat actor used those stolen

Carl B. Johnson Feb 02, 2019 7 min read

Computer Security Software

Computer Security Software: What Actually Stops Breaches

In 2023, MGM Resorts had world-class computer security software deployed across its entire infrastructure. Firewalls, endpoint detection, SIEM platforms — the works. A single social engineering phone call bypassed all of it, leading to an estimated $100 million in losses. That incident should have been a wake-up call for every organization

Carl B. Johnson Feb 02, 2019 6 min read

Security in Cloud Computing

Security in Cloud Computing: What Goes Wrong in 2026

The Misconfiguration That Exposed 100 Million Records

Updated for 2026

In 2019, a former Amazon Web Services employee exploited a misconfigured web application firewall to steal personal data from over 100 million Capital One customers and applicants. The breach cost Capital One more than $270 million in settlements and remediation.

Carl B. Johnson Feb 02, 2019 7 min read

Phishing Psychology

How Phishing Emails Work: The Psychology Behind the Click

Updated for 2026

A Single Email Cost This Company $121 Million

In 2019, Rubin Schron's Cammeby's International Group wired $121 million to a fraudulent account after receiving what appeared to be a routine email from their attorney. The email was a phish. No malware. No zero-day

Carl B. Johnson Feb 02, 2019 7 min read