Blog

Photo credit: Laura Buitrago   This past Saturday, I was lucky enough to be given the chance to give a talk7 at the Day of Shecurity conference ― what’s a “talk7”? That’s seven 45 minute presentations 😅. While it’s still fresh in my mind, I wanted to jot down my thoughts on the day. It...Read More

You roll out a brand-new phishing test to your users, the results start to come in…and they’re worse than the last test. What happened? You’ve educated them about phishing, regularly alert them of new attacks, yet it seems they’re still not getting it…or are they? Phishing tests can serve two purposes- education on the latest...Read More

Changing jobs is tough! It’s a high-pressure situation with lots of ambiguity and expectations of the candidate, yet hardly any transparency about what the candidate can expect. I’ve been there, too. I’ve been verbally offered roles right after I interview, and then three weeks later the company hasn’t given me paperwork yet. I’ve had cases...Read More

Working as a security practitioner for nearly a decade now,  I’ve been able to talk to employees at all ranks of an organization about the importance of security. In those conversation, I was often struck by how different the discussions with someone who “got security” were as opposed to someone who totally “didn’t get it.”...Read More

For decades, security awareness programs have been based on the assumption that employees simply don’t know the correct course of action, but with the right training, they will start performing more securely. But does that actually happen in real life? Nope, not even close. The same poor decisions are made because of the same old...Read More

You know what industry reminds me of security awareness? The coal industry. What? Yeah, coal. The coal industry, despite obvious pollution concerns and better alternatives, has stuck around. It even has new legs with “clean coal” (in the software industry, we’d call it “coal 2.0”, “new school coal” or “modern coal”), which despite tremendous costs...Read More

I’m often asked what it takes to actually get employees to practice better security. Security practitioners have tried for decades to push the latest and greatest training programs on their employees only to see them practicing the same old behaviors. Phishing links still get clicked, passwords are reused across accounts, and laptops remain unlocked in...Read More

  In my former life as a CISO and security executive, I really disliked the phrase “security awareness”. I’m close to saying I hated it and I don’t think I’m alone. I’m not entirely sure where it stems from, but I’d guess it’s a combination of a) the bad taste in my mouth from all...Read More

Here’s the conundrum most CISOs face: despite hours and hours of training, most employees still don’t know how to avoid today’s security threats. In an age of increasingly dangerous attacks, the million-dollar question is — how can you transform your team into real security advocates if training doesn’t work? Our mission is to change the...Read More