Episode 173: Scammer Jousting as Human Risk Management
In episode 173 of Cybersecurity Where You Are, Sean Atkinson is joined by Roger Grimes, CISO Advisor at KnowBe4. Together, they discuss "scammer jousting," a term coined by Tony Sager that describes empowering organizations to manage human risk through simulated phishing.
Here are some highlights from our episode:
- 01:05. How simulated phishing and scammer jousting manage human risk
- 03:48. The shift in perception of security awareness training over the past 20 years
- 06:19. The need for testing to build capability and resiliency amongst employees
- 09:27. The many faces of phishing attacks and the impact of generative artificial intelligence
- 15:00. How gamification is proven to help users learn more in their cybersecurity training
- 16:57. How data empowers organizations to communicate the potential impact of a phish
- 19:57. The use of behavior engineering to foster a stronger security culture
- 23:56. The value of customer feedback in continuously enhancing phishing training
- 29:52. Continuous and hyper-personalized training as the future of scammer jousting
Resources
- Episode 77: Data's Value to Decision-Making in Cybersecurity
- Episode 98: Transparency as a Tool to Combat Insider Threats
- A Short Guide for Spotting Phishing Attempts
- CIS Controls v8.1 Security Awareness Skills Training Policy Template
- SANS Workforce Security and Risk Training
- The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
- Episode 110: How Security Culture and Corporate Culture Mesh
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.