Send us a text

In this lively installment of “Phishing for Answers,” our host kicks things off with a quirky, AI-generated rap—then challenges guest Dean Sapp, SVP of Information Security at Filevine, to a game of “Stock or Not?” to test just how convincing AI images can get. But the conversation quickly turns serious as Dean reveals how scammers are weaponizing these same AI tools to spin up highly targeted—and eerily authentic—phishing emails and counterfeit websites.

Drawing on his years of experience building cybersecurity programs and guiding law firms, Dean walks us through a jaw-dropping story of an “unhackable” client who thought strong passwords alone would stop an open-enrollment benefits scam. Spoiler: it didn’t. Along the way, he pinpoints the big blind spots many companies miss, from unpatched software on the perimeter to that shady old printer on a forgotten VLAN. Whether you’re running a small legal practice or a high-traffic SaaS platform, Dean’s bottom line is the same: turn on multi-factor authentication, build empathy-driven awareness programs, and keep everything—from firmware to browsers—patched and hardened. Because in this age of AI-fueled cybertricks, your best defense is a well-prepared, forward-thinking human.

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!

Send us a text

In this special Security Awareness Month edition of “Phishing for Answers,” we reel in Norman Kromberg—a finance-whiz-turned-CISO who blends down-to-earth Midwest values with sharp cybersecurity insight. Raised in Lincoln, Nebraska, Norman cut his teeth in banking before jumping into IT governance and risk compliance. Now, he’s applying that business-first mindset to keep organizations one step ahead of threat actors.

Ever wonder how revenue-minus-expense ties into your malware defenses? Norman breaks down how understanding the core equation of any business not only helps you talk risk at the board level—it ensures you’re investing in security where it actually matters. From empathizing with accidental clickers to mapping out which roles pose the biggest insider-threat risks, Norman shows you how to craft a security program that’s both human-friendly and hacker-hostile. It’s a candid, engaging chat that proves financial smarts and cybersecurity savvy can—and should—work hand in glove. Because in the battle against phishing, you can’t just think like a hacker—you’ve also got to think like a CEO.

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!

Send us a text

In today's digital age, cyber threats are becoming more sophisticated, and the stakes have never been higher. Amid advancing technology and evolving attack vectors, one factor remains critically important yet often overlooked: the human element. People can be the weakest link in cybersecurity, but with the right approach, they can also become the most formidable line of defense.

In a recent episode of the "Phishing for Answers" podcast, our CEO at PhishFirewall, Joshua Crumbaugh, had an inspiring conversation with cybersecurity expert Chris Nicolaou the CISO of CloudSpace. They delved into how organizations can shift the narrative—from viewing employees as potential vulnerabilities to empowering them as proactive defenders against cyber threats.

The Human Factor: Turning Weakness into Strength

Chris kicked off the discussion by sharing a personal story that highlights how even cybersecurity professionals aren't immune to sophisticated attacks. He almost fell victim to a phishing attempt involving multiple suspicious MFA (Multi-Factor Authentication) alerts at odd hours.

"Even with all my training and experience, I was tempted to approve the login because it caught me off guard," Chris admitted. "It reminded me that attackers exploit our natural tendencies and trust."

This anecdote underscores a vital point: security isn't just about systems and software—it's about people. Attackers often target human psychology, using social engineering to manipulate individuals into unwittingly compromising security.

At PhishFirewall, we understand that the key to bolstering cybersecurity lies in empowering your people. By focusing on education and awareness, you can transform your team from potential targets into active participants in your organization's defense.

Microtraining: Keeping Security Top of Mind

Traditional annual training sessions are no longer sufficient in a world where threats evolve daily. Chris emphasized the value of continuous education through microlearning—short, focused training sessions that keep security awareness fresh.

"Embedding security reminders into everyday activities makes a huge difference," he suggested. "Whether it's quick tips on elevator screens or brief modules accessible anytime, the goal is to integrate learning into the flow of work."

PhishFirewall embraces this philosophy with our spaced learning approach, delivering high-impact, bite-sized lessons that are both engaging and memorable. By making training accessible and non-intrusive, we help ensure that cybersecurity stays at the forefront of your employees' minds.

Role-Based Training: Relevant and Effective

One size doesn't fit all when it comes to security training. D

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!

Send us a text

Reducing Human Error through Behavioral Science: A Conversation with Pieter VanIperen

In the latest episode of the "Phishing for Answers" podcast, PhishFirewall’s CEO, Joshua Crumbaugh, sat down with cybersecurity expert Pieter VanIperen, CISO of Own Company, to discuss how understanding human behavior can significantly enhance cybersecurity. Their conversation delved into the heart of what makes organizations vulnerable: the human element. They explored how leveraging behavioral science, role-based training, and positive reinforcement can transform employees from potential risks into robust defenders against cyber threats.

‍

Behavioral Science and Cybersecurity Psychology

• Joshua and Pieter emphasized the crucial role of behavioral science in cybersecurity.
• While technology is essential, understanding the human psyche is paramount in preventing breaches.
• Many security incidents occur due to human errors rooted in natural behavior patterns.
• Concepts like the Identical Elements Theory suggest that learning is more effective when training closely mimics real-world scenarios.
• Using frequent, bite-sized training sessions—known as spaced learning—employees can subconsciously develop instincts to recognize and avoid security threats.
• PhishFirewall incorporates these principles to embed security awareness into daily routines without overwhelming staff.

Role-Based Training and Contextual Awareness

• The conversation shifted to the importance of tailoring security training to specific job roles.
• Generic training often fails to address the unique challenges different departments face.
• Pieter provided examples:some text
  • Accounting teams need to be vigilant against invoice fraud and spear-phishing attempts.
  • Marketing departments should be aware of phishing attempts targeting campaign data or customer information.
  • IT staff must focus on configuration errors and internal threats.
• PhishFirewall makes it effortless to deploy role-based training.
• By providing contextually relevant education, employees can better relate to the material, leading to higher engagement and retention.

Gamification and Positive Reinforcement

• The effectiveness of gamification in training programs was highlighted.
• Traditional punitive approaches often lead to resistance and concealment of mistakes.
• Incorporating game-like elements and rewards can motivate employees to participate actively.
• Positive reinforcement creates a collaborative atmosphere where employees feel valued and are more likely to adopt security best practices.

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!

Send us a text

In this insightful episode of Phishing for Answers, I had the opportunity to sit down with Steve Cobb, CISO of Security Scorecard, to explore the critical role human behavior plays in modern cybersecurity. With the rise of sophisticated cyber threats, particularly AI-driven phishing attacks, Steve underscores how the human element remains both the weakest link and the most powerful defense in protecting an organization.

Steve shares an impactful story about a near-miss phishing attack where a quick-thinking employee made all the difference by promptly reporting the suspicious activity. This real-world example demonstrates the significance of creating a workplace culture where employees are encouraged to report potential threats without fear of punishment. It’s about turning employees into vigilant defenders—what Steve calls “human firewalls.”

We also discuss the growing importance of security awareness training, particularly the use of gamification and storytelling to make cybersecurity more engaging and relatable for employees. Steve emphasizes that people learn best when they are not only informed but also entertained, which is why PhishFirewall’s gamified micro-training sessions can be so effective in reinforcing good security habits.

Another key takeaway from this conversation is the shift in focus from merely punishing employees for mistakes to empowering them to be proactive in detecting threats. As phishing attacks evolve, Steve explains how AI and machine learning have changed the game by crafting more convincing, tailored phishing attempts, making traditional red flags—like typos and awkward language—less reliable. This means organizations need to invest more in continuous education and behavioral reinforcement to stay ahead of the threats.

In a world where technology alone can’t save us, building a security-conscious workforce is paramount. Steve and I explore how positive reinforcement, cultural shifts, and innovative training approaches are crucial in making cybersecurity second nature for employees at all levels.

This episode is packed with actionable insights and strategies for turning employees into your organization’s greatest asset against cyber threats, reinforcing that cybersecurity isn’t just an IT problem—it’s a company-wide responsibility. #PhishFirewall #CyberSecurity #SecurityAwarenessMonth #HumanFirewall

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!

Send us a text

In this episode of Phishing for Answers, I sit down with Joe Evangelisto, CISO of NetSPI, to discuss some surprising insights on phishing susceptibility within organizations. We dive into the two most vulnerable groups—sales and developers—and how their different day-to-day responsibilities lead to unique phishing risks. Joe and I explore real-world examples of employees falling for sophisticated attacks, the psychology behind why they click, and how cybersecurity professionals can better protect their teams through awareness and behavioral insights.

We also cover how AI is changing the phishing landscape, making attacks more convincing than ever. Plus, we share tips on how to improve phishing simulations to effectively prepare employees without relying on fear-driven tactics.

Tune in to learn about the importance of a carrot-over-stick approach, real-time security reminders, and fostering a positive security culture that empowers employees to report threats.

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!

Send us a text

In this Security Awareness Month edition of Phishing for Answers, Joshua Crumbaugh sits down with Christopher Russell, CISO of tZERO Group, to discuss his path from military intelligence to mastering corporate cybersecurity. Christopher shares some of the latest tactics he’s seen, including a shocking snail mail phishing attack, and why bad actors continue to exploit human vulnerabilities. They dive into the importance of role-based phishing simulations, how tailored training can drastically reduce incidents, and why fostering a culture of awareness is essential in today’s evolving cyber landscape. This episode is a must-listen for anyone serious about staying ahead of modern threats!

PhishFirewall helps organizations stop phishing attacks in their tracks with innovative, AI-driven, behavioral science-based security training that delivers real results—stopping incidents, stopping clicks, and stopping ransomware.

#CyberSecurity #PhishingAwareness #CISO #InfoSec #RansomwareDefense #SecurityCulture #SocialEngineering #RiskManagement #SecurityAwarenessMonth #tZERO #PhishFirewall

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!

Send us a text

In this episode of Phishing for Answers, Joshua Crumbaugh, CEO and Founder of PhishFirewall, interviews Paul Sheth, the CISO of the Women’s Tennis Association (WTA). They explore Paul’s journey from infrastructure to cybersecurity leadership, diving into the critical role of risk management, the threats of phishing and ransomware, and the rise of AI-driven cyberattacks. Learn how balancing security with usability can protect organizations and how a human-centered approach to security awareness is key.

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!

Send us a text

In this insightful episode of Phishing for Answers, Joshua Crumbaugh, CEO and Founder of PhishFirewall, world-renowned ethical hacker, and expert on social engineering and behavioral science, speaks with Paul James, the CISO of TTEC. They delve into the evolving landscape of cybersecurity, focusing on the challenges of phishing, AI-driven threats, and the balance between usability and security. Paul shares his expertise on how to manage these risks in large-scale organizations, emphasizing the importance of security awareness and the human element in mitigating attacks.

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!

Send us a text

In this episode of Phishing for Answers, BZ Fabien, Navy Reserve Cyber Warfare Commander and cybersecurity expert, shares his fascinating journey from pre-med to military service and eventually becoming a key figure in Silicon Valley’s tech leadership. BZ discusses the critical importance of security awareness, the challenges of integrating cybersecurity across industries, and the future role of AI in safeguarding organizations. His insights offer a deep dive into how leadership and technology intersect to defend against modern threats.

Hosted by Joshua Crumbaugh, Founder of PhishFirewall, this episode highlights the evolving landscape of cybersecurity and the human element in risk management.

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!