Phishing For Answers

Social Engineering for Good: How Psychology Beats Technology



Psychology has become the new firewall in our digital world. When sophisticated security systems block 99.9% of attacks, hackers focus on the fraction that reaches humans – making your brain the ultimate cybersecurity tool.

Cybersecurity expert Tate Jaro shares his journey from Army infantry officer to Secret Service special agent investigating major financial crimes like the JP Morgan intrusion case, which compromised over 100 million records. Through these experiences, he developed a critical insight: while technical defenses are essential, human behavior ultimately determines whether an organization stays secure.

The conversation reveals how traditional security awareness approaches often fail because they focus on compliance rather than behavior change. Most people want to be secure but struggle with complexity, lack of immediate consequences, and competing priorities. The solution? Treating security awareness like marketing – focusing on influencing behaviors and capturing attention through psychology rather than technical jargon.

"We're not hacking systems, we're hacking behaviors," explains Jaro, highlighting how simple changes like enabling captions on training videos can improve effectiveness by 35%. Controversial practices like "gotcha" phishing simulations that trick employees often backfire by creating distrust and fear rather than building security confidence.

Building a security-minded culture requires creating social proof – demonstrating that security awareness is valued and expected within an organization. When employees who report potential threats are celebrated, vigilance becomes part of the organizational identity. Equally important is destigmatizing security mistakes by discussing incidents openly, removing the shame that prevents people from reporting problems.

Want to strengthen your personal digital defenses? Check out onlinesafety.substack.com for weekly, actionable privacy and security tips from a true expert. Remember that small improvements in your security habits create ripple effects across both your personal and professional digital life.

Joshua Crumbaugh is a world-renowned ethical hacker and a subject matter expert in social engineering and behavioral science. As the CEO and Founder of PhishFirewall, he brings a unique perspective on cybersecurity, leveraging his deep expertise to help organizations understand and combat human-centered vulnerabilities in their security posture. His work focuses on redefining security awareness through cutting-edge AI, behavioral insights, and innovative phishing simulations.

PhishFirewall uses AI-driven micro-training and continuous, TikTok-style video content to eliminate 99% of risky clicks—zero admin effort required. Ready to see how we can fortify your team against phishing threats? Schedule a quick demo today!


Phishing For Answers, by Joshua Crumbaugh, Founder & CEO of PhishFirewall