sigh

@MrsMouse samesies

Is KnowBe4 the greatest scam the industry ever pulled?

@mav @MrsMouse
KnowBe4 has a mountain of cringe in 98 percent of the videos they host. But the Sim phishing platform is pretty convenient when you have about 1,500 users you want to phish. After running a sec awareness program for a few years I learned that when I run a PowerPoint filled with stupid memes and talk to people like they are humans they seem to learn better than strapping them to a chair like in A Clockwork Orange and force-feeding them "corporate logo here" videos.

@squid_iron @MrsMouse That's fair. I have ... feelings about phishing assessments, but they're also a requirement in a lot of cases. The standard model for doing them is very negative, and I don't think that really benefits users.

I saw someone at SAINTCON talking about gamifying phishing tests in order to get your users' buy-in, and I really like that idea, but I don't see a lot of orgs that are really interested in the work or the model.

@mav @MrsMouse

We took the gamified approach to phishing. Even so far as giving users small monetary prizes for catching three fake phishes in a row or going x months without failing a test, etc. etc. I strongly feel the best approach is carrots instead of sticks. Treating people like crap because they made a mistake is the worst, because when they click a real malicious email they are not going to say a thing if they got put on the chopping block for a fake one.
Do you have thoughts on an optimal way to teach office people about this stuff that doesn't involve Sim phishing or boring slogs of stock photo videos?

@squid_iron I wish I really had any ideas, but to be honest I'm in the dark about that. Those things seem like the only thing we have at all.
@mav I was thinking about having a day where I taught people to use a phishing kit to show how easy it is, but that got a lot of pushback 😂

@squid_iron it's weird how anti-education people are right under the surface.

It's kind of hilarious how people fear seeing others exposed to security tools because they don't want them to become bad guys... and then turn that argument completely inside out the second someone talks about guns.