BattlePhish™ — Gamified Phishing

Roughly speaking, the how… Random split of your org: Team A, Team B. Team A votes on the the phish (from choice 3) and the time it’s sent out (they don’t need the day) They then get to find out how successful they’ve been. Repeat with team B. Next month, randomise again…. Above, is the… Continue reading BattlePhish™ — Gamified Phishing

ETTS™ Framework

The Email Threat Training System™ is learning framework that provides employees with a structured understanding of the risks they face within their email world. Stage 1. The Viewers Reality (Where their beliefs live)The first part of establishing the viewers reality is to simply state the problem that email or even SMS, has. That being you… Continue reading ETTS™ Framework

Authentic tales from my time as a social engineer + lessons I’ve learnt as a email security professional.

After social engineering my way into the inboxes of White House staff and Banking CEOs I then went to work in email security — it was very much the fairy tail ending. For 3 years I manipulated BEC (Business Email Compromise) cyber-criminals into revealing specific intelligence which was then passed on to global financial institutions… Continue reading Authentic tales from my time as a social engineer + lessons I’ve learnt as a email security professional.