Sign up to save your podcasts
Or
Share 25 - Building a Reward-Driven Security Culture
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
25 - Building a Reward-Driven Security Culture
Phishing has been one of the most reliable tools in an attacker's arsenal for decades. Despite endless simulations, mandatory trainings and a growing set of tools, the problem hasn't gone away. AI-driven targeting makes it smarter, faster and more personal. But the issue isn't just the threat itself. It's how we teach people to recognize and respond to it.
In this episode, we sit down with Craig Taylor, a 30-year cybersecurity veteran and co-founder of CyberHoot, to explore why traditional phishing exercises fail to change behavior and how shame-based or punitive approaches are undermining security culture. Craig explains how a multidisciplinary, psychology-backed approach can transform user engagement, reward good behavior and build real security resilience.
Whether you're leading a security program, responsible for awareness training, or simply curious about how phishing has evolved in the age of AI, this conversation will change the way you think about user education.
Highlights:
- Why traditional phishing simulations often hurt security culture
- How AI is reshaping phishing attacks at scale
- The psychology behind behavior change and what most programs get wrong
- Why positive reinforcement works better than punishment
- How to build a learning-driven, user-friendly security culture
- Practical steps organizations can take to modernize phishing education
Craig Taylor is a seasoned cybersecurity leader with over 30 years of experience across web hosting, finance, manufacturing, and more. He is the co-founder of CyberHoot, a cyber literacy platform for small businesses and MSPs, and has served as a virtual CISO for more than 50 organizations.
CyberHoot Resources
- 20% Off CyberHoot for 1 year using code "Cyber Compliance and Beyond"
- Main Website: https://cyberhoot.com/
- Individual Registration (Free Personal Training for Life): https://cyberhoot.com/individuals/
- Businesses and Managed Service Providers: https://nest.cyberhoot.com/autopilot-signup/
- Newsletter Sign Up: https://cyberhoot.com/newsletters/
- Blog: https://cyberhoot.com/blog/
- Cybrary: https://cyberhoot.com/cybrary/
View all episodes
By KratosPhishing has been one of the most reliable tools in an attacker's arsenal for decades. Despite endless simulations, mandatory trainings and a growing set of tools, the problem hasn't gone away. AI-driven targeting makes it smarter, faster and more personal. But the issue isn't just the threat itself. It's how we teach people to recognize and respond to it.
In this episode, we sit down with Craig Taylor, a 30-year cybersecurity veteran and co-founder of CyberHoot, to explore why traditional phishing exercises fail to change behavior and how shame-based or punitive approaches are undermining security culture. Craig explains how a multidisciplinary, psychology-backed approach can transform user engagement, reward good behavior and build real security resilience.
Whether you're leading a security program, responsible for awareness training, or simply curious about how phishing has evolved in the age of AI, this conversation will change the way you think about user education.
Highlights:
- Why traditional phishing simulations often hurt security culture
- How AI is reshaping phishing attacks at scale
- The psychology behind behavior change and what most programs get wrong
- Why positive reinforcement works better than punishment
- How to build a learning-driven, user-friendly security culture
- Practical steps organizations can take to modernize phishing education
Craig Taylor is a seasoned cybersecurity leader with over 30 years of experience across web hosting, finance, manufacturing, and more. He is the co-founder of CyberHoot, a cyber literacy platform for small businesses and MSPs, and has served as a virtual CISO for more than 50 organizations.
CyberHoot Resources
- 20% Off CyberHoot for 1 year using code "Cyber Compliance and Beyond"
- Main Website: https://cyberhoot.com/
- Individual Registration (Free Personal Training for Life): https://cyberhoot.com/individuals/
- Businesses and Managed Service Providers: https://nest.cyberhoot.com/autopilot-signup/
- Newsletter Sign Up: https://cyberhoot.com/newsletters/
- Blog: https://cyberhoot.com/blog/
- Cybrary: https://cyberhoot.com/cybrary/