@dguido This is like giving a midterm at the end of the first day of math class and concluding that math education is worthless.
-
The times I've been consistently stopped/caught phishing/onsite social engineering is regular testing/training.
-
If they're not getting better, it might be just that crappy training is crappy.
-
Have you ever heard of teaching someone an important skill by training them on it one day a year? Of course it fails.
-
Yes, absolutely - the part of the pentest that concerns relying on users as the weak link (soceng)
-
A total myth that comes from doing phishing training badly.
-
Phishing training is just one of many layers. It doesn't have to be 100% effective to have value.
-
A more thorough security-mindedness is needed, not just a one-off training session. I concur with you there.
-
I'd argue a security control can have value with 20% efficacy or less. Depends on how it works, context, other factors.
-
Also, willing to share my direct experiences over DM with examples.