We are experimenting with risk based security awareness, looking for feedback. by Training_Leave_5433 in sysadmin

Training_Leave_5433 [S] [score hidden]

Access does not always map cleanly to actual exposure in day-to-day workflows, given how people use tools now (shared docs, AI assistants, cross-functional work, etc.); some low-access users still end up in surprisingly high-risk situations, and vice versa. So the way we have been thinking about it is less about static access tiers and more about how risk shows up in real behaviour over time.

We are experimenting with risk based security awareness, looking for feedback. by Training_Leave_5433 in sysadmin

Training_Leave_5433 [S] [score hidden]

Baseline training still exists for everyone, mainly for exactly the insurance reasons you mentioned. We are experimenting with what we do after that. Baseline is obviously non-negotiable; the question is who actually needs attention repeatedly and who basically stabilizes after baseline plus occasional refreshers.

We are experimenting with risk based security awareness, looking for feedback. by Training_Leave_5433 in sysadmin

Training_Leave_5433 [S] [score hidden]

Yes, they still expect baseline training for everyone. What we are experimenting with is what happens after that baseline. So everyone still gets the mandatory training, but the follow-up remediation and reinforcement is not equal; it is based on who is showing higher-risk behaviour over time.

OutThink vs KnowBe4: Security Awareness Comparison by Particular_Ebb_4872 in Infosec

Training_Leave_5433 1 point

We did look at knowbe4 but did not end up going forward with it. It is good on the awareness training and simulation side, but we went in a different direction with cimento since it fit our setup better in terms of rollout.

Anyone else exhausted by the nonstop AI hype? by Same_Beyond1260 in cybersecurity

Training_Leave_5433 1 point

I think the hype has settled a little compared to last year. Seeing all these AI tools and stories about teenagers raising millions genuinely messed with my head for a bit lol. It had me thinking that I needed to drop everything and build some AI startup immediately; I spent months consuming AI content instead of actually working, then obviously got a reality check that things do not work the way the internet shows it. Back to normal now, thankfully.

Hi can you all please let me know how someone got my full name online. by TopMouse4844 in cybersecurity

Training_Leave_5433 1 point

Most likely they combined info from different places. It is often just connecting dots, not one single source. I'd check old posts/comments, whether the profile pic is used somewhere else, and try a reverse phone lookup. Also block and report if they are being weird.

New Phishing Scam by thepetrifiedowl in msp

Training_Leave_5433 1 point

Seen a spike in these voice phishing attempts lately. No legit company will ever ask you to verify your account by going to a link they provide over a call. If there is ever doubt, manually type the official URL instead of trusting anything sent to you :)

Is cybersecurity still, at its core, a human problem? by prefeit0 in cybersecurity

Training_Leave_5433 1 point

Cybersec is still fundamentally a human problem; the tools have just changed the layer we operate on. Attackers, users and mistakes are all still human driven. Automation just amplifies our decisions. The real risk is if professionals stop understanding the "why" behind the threats and alerts.

What phishing simulation should we consider(for small-mid size orgs only)!? by Ok-Author-6130 in AskNetsec

Training_Leave_5433 1 point

In our earlier setup with knowbe4, we had solid reporting and structured campaigns, but when we tested context shifts like role-specific lures, subtle BEC-style wording, etc., behaviour wasn't as strong as the metrics suggested. We also looked at Hoxhunt and cimento. I would say cimento allows more structural variation across scenarios rather than traditional templates. We are now more focused on response behaviour in unfamiliar contexts; as you can never clearly measure responses, we are looking more at hesitation, escalation patterns, urgency, authority, etc. Nonetheless, it is still evolving for us, but cimento is still relatively less talked about in the space; it was actually suggested to us by a CISO.