Every negative connection - message, training, nudge, alert, etc. - between employees and infosec is not just a missed opportunity but pushes employees further from security. And, given the state and scale of direct user threats today, every employee should be more closely aligned with security.

Data is, or at least should be, the lifeblood of an effective information security program. One source of data that is typically missing from an infosec program is user, or employee driven data. Your employees are on the front lines. They see things you may not be able to see .

Device security has evolved over the last 10-20 years. With new devices (employee-owned smartphones) and new technologies (SaaS and the cloud), the role of devices in modern work and the field and approaches to device security have shifted almost entirely.

The dark web is a treasure trove of information, data, and malicious software. Most people do not know about the dark web and, if they do, they don’t really know what is available on it. For both professional and personal reasons, I worry about the dark web a lot. Here's why.

Phishing campaigns and phishing simulators have become a part of security awareness training. Using phishing campaigns to continuously iterate and improve your security awareness program will reduce your human risk in a compounding trajectory.

Holiday shopping kicks off this month. One of the major events is Black Friday in which shops offer special sales and discounts.Every year, as retailers try to get you to buy something on Black Friday, Cyber attackers try to scam you using fake messages, links, and websites.

Security awareness companies need core LMS features to enable customers to be able to get value from their training content. But what is an LMS? An LMS has a set of core required features, which we listed above. A Slack LMS integrates Slack into the workflows of all of these features.

The real risk of human actions has increased as more technology has moved to the cloud and more workflows have moved to SaaS (Slack, Google Workspace, Microsoft 365, Salesforce, Workday, etc.). Human risk today is driven by user decisions in SaaS apps. And security awareness hasn't kept pace.

The most recent Forrester Wave: Security Awareness & Training (SA&T) report was released a few months ago. The report lands at the following conclusion: security awareness training market is in need of disruption. We could not agree more.

The magazine Fast Company was recently hacked. After gaining access, the attackers sent offensive push notifications to users via the Apple News app. Apple disabled the Fast Company news account. It was easy for the attackers because Fast Company used default, easy to guess passwords.

If you are shopping for a security awareness vendor, you have Netflix-style variety at your fingertips. The problem is, users aren’t looking for new forms of content to teach them the same lessons. Security awareness needs a new approach, not new content covering the same topics.

My First Million is a popular business and technology podcast. In a recent episode, Shaan Puri (@ShaanVP) and Steph Smith (@stephsmithio) of a16z discussed social engineering and the phishing simulation market that grew to try to address it. We break down what we learned from hearing them talk.

🎃 Happy Halloween!In the spirit of the season, we wanted to debunk, and de-scare, some of the myths about social engineering. Social engineering is:the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

👩‍💻 Optus, a huge telcom in Australia, recently had a data breach. Last week, Optus was adamant that “human error” was not a factor in the breach - “Optus has strenuously denied "human error" being a contributing factor in a data breach….”. Wait, what?!?!

Security is a core competency that every person should possess. This does not mean every person should be a security or cybersecurity expert. The primary way to accomplish this is with a security mindset. And building a security mindset is a lot like building strength in a muscle.

An LMS is a learning management system. It is general purpose and can be used for any training topic. Security awareness is a form of training focused on security related topics. This post dissects how to run both concurrently because they are fundamentally different tools with different features.

While phishing simulations have value as a part of a broader security awareness program, continuous forms of security training are more effective at building a security mindset and better security hygiene. Phishing simulations should be seen as a means to measure effectiveness of security training.

The thing that is missing in the security training landscape is simple - it’s connecting security to employees. All too often security training is designed, at worst, to check boxes and, at best, it is done outside the context of work.

We're excited about our new product - Workflows! Workflows continue our path towards delivering continuous, engaging, effective training in the context of modern work. Workflows extend the Haekka platform to new applications, new flows of work, and new opportunities for user engagement.

Users love ❤️ learning in Slack. We hear this consistently from our users. The interactions are fast and the content is digestible.Games in Slack are a natural extension of this. The logic, coupled with the conversational interactions in Slack, make logic-based games a good fit.

Knowing how to read a URL has become an essential skill for everybody. In this post, we will walk you through how to read a URL. Reading a URL, which breaks it down into its constituent parts, makes it easy to decide if a URL is real or fake.

The big news this week regarding Twilio’s data breach led us to dig into what happened. The breach resulted from a successful phishing attack sent via text message — a technique referred to as smashing. In this post, we dig into Twilio’s publicly available material on its security program.

Twilio announced a massive data breach this week. Most of the news focuses on how Twilio employees were scammed using SMS-based phishing attacks. That's only part of the story. The Twilio data breach highlights the multifactorial world of data breaches.

It’s hard to imagine without seeing it but Slack functions very well as a learning management system (LMS). An LMS built on top of Slack instantly has apps for all platforms - web, Mac, Windows, iOS, and Android. This post walks through all the features of Slack that make it a great LMS.

In this post, we discuss why you should be conducting employee risk and security surveys and why Slack is a great tool to do it. We conclude with an example survey template that can be used to kickstart surveys at your company.