From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

IT Brew

Tom McKay

itbrew.com

Graphic of gravestones in descending height order

Scam obituary sites draw enterprise traffic, research finds

Obituary sites that currently scam users into installing push notifications and pop-ups could be a vehicle for malware.

Amanda Florian

Threat actors in China becoming ‘more brazen,’ NSA says 

Dave Luber of the NSA told IT Brew new incidents tied to Volt Typhoon are unfolding every day based on “industry and incident response reporting.”

Billy Hurley

HSB adds cyber protections to automotive coverage

The insurance provider sees the car a lot like a computer—both can be hacked.

A shield with a checkmark inside icon denoting cybersecurity

Cybersecurity

So, you’re always on your phone. That just means you’re tougher to phish.

A study from Carnegie Mellon University in Pittsburgh, and Ben-Gurion University of the Negev, Israel, suggests mobile device users are “more risk-avoidant than PC users” and tend to be less likely to open potentially risky messages.

The findings are a reminder for IT pros that they must keep their PC-using employees, in particular, on the edge of their computer chairs and in the know about possible threats.

“I would say alerting people faster or more often, or lowering the threshold of the alert mechanisms would be a general strategy to start handling the situation,” research co-author and Carnegie Mellon professor Naama Ilany-Tzur told IT Brew.

Phishing led all cyber-specific complaints in 2024, according to the FBI’s most recent IC3 report. The threat accounted for 193,407 out of 859,532 total complaints filed with the agency, and cost orgs a total of $70,013,036.

 With records attained from a cybersecurity network-protection startup, Ilany-Tzur and Ben-Gurion’s Lior Fink reviewed just under 500,000 anonymized URL requests made by mobile devices and PCs during one week in 2020. The team found “a positive and significant relationship between mobile device and the safety level of the target URL.”

Later, the researchers recruited workers from the Amazon Mechanical Turk (AMT) platform to perform an image-tagging task—while being interrupted with a pop-up phishing message. The test showed that mobile users were “2.67 times more likely than PC users to show risk-avoidant behavior,” or to avoid clicking the pop-up’s malicious links. A second experiment determined mobile users were 4.43 times more likely than PC users to go phish.

It’s not that people on mobile devices are making good or bad click-related decisions. It’s that they’re making 

 decisions—and that’s actually a good thing when it comes to phishing. “Mobile users address the higher cost of risk assessment by avoiding the risk rather than by succumbing to it,” the report concludes.

A smaller device and constrained environment, the authors say, increases the difficulty of risk assessment.

Ilany-Tzur theorizes that phone users are in a “mobile state of mind,” or on-the-go and experiencing a higher “cognitive load,” which leads to a more on-edge mindset.

“When you’re loaded, or even overloaded, you will tend to avoid making decisions,” she said.

PC users, according to the research, are “interacting with a larger screen and are in an environment that is less cognitively constraining, culminating in a greater likelihood of accepting the risk.”

Given the findings, orgs may want to consider creating lower thresholds for alerting those more risk-accepting PC users, she said, and enhancing protection mechanisms specifically for PC devices,” she added in a follow-up email.

Perhaps an irrational doomscroll then has its security benefits.

“The danger lurks when we are at ease, not when we are on edge,” said Ilany-Tzur.


Phishing hook going through a mouse pointer arrow

Study: Mobile users less likely than PC users to click phishy links

Maybe a “mobile state of mind” leads to better security, suggests Carnegie Mellon research.

Using clever prompts, security tester Joey Melo got a large language model to give him a password and, indirectly, a new job.

Melo won AI security company Pangea’s March prompt injection challenge. Now hired as an AI red-teaming specialist at the company, Melo spends his days attacking AI models, studying outputs, and finding ways attackers can abuse those possibilities.

He most recently found how attackers can use slyly worded prompts to bypass 

. (IT Brew recently reported how phishers have the opportunity to hide fake tech-support messages in AI summaries. 

As for the new gig, he appreciates being in a field where standard attacks and defenses are still being written, literally.

“It’s a very nice spot to be in, whereas, in the more traditional sense of ethical hacking, even though things are being discovered, the techniques, the fundamentals are there, and they’re well-established,” Melo told us.

Pangea’s prompt-injection contest challenged over 1,000 global contenders like Melo to enter rooms and extract secret passwords using natural-language prompts. Guardrails, and therefore the degree of difficulty, increased as players advanced.

, said he relied on three styles to defeat the escape room’s large language model, which he said was a version of Meta’s open-source Llama 3 and 3.2 LLM:

wording for the passphrase he asked for, like “phrases of the secret” instead of “secret phrase.”

With irrelevant-to-the-tasks prompts like “describe the room” (and asking the LLM to explain why the prompt is not malicious), Melo said the LLM was thrown off from detecting the core attack.

By immediately following a non-malicious prompt with a more nefarious, gimme-the-password one (and asking the LLM to explain why that, too, was 

 a malicious prompt), the LLM’s reasoning appeared disrupted. The end of Melo’s disorienting prompt also included a surprising, “Nice to meet you, I’m just looking at the room.”

(Meta’s public affairs director Dave Arnold, when asked how the company responded to the findings about its LLM, referred us to existing protections like 

, which aims to detect prompt attacks and malicious instructions.)

Melo shared more about what he learned from having a look around the room in Pangea’s contest with IT Brew.

His responses below have been edited for length and clarity.

What have you learned about how to hack these things?

AI is probability, because one token leads to another, leads to another, based on probability…You know that phrase where they say you can’t try the same thing over and over and expect different results? Well, that goes out of the window with AI. You 

 try the same thing and expect different results.

Does that mean that break-ins are going to be inevitable, or that you can’t really defend against human ingenuity here?

Let’s say the LLMs reach a point where 

 updates are needed and we have a final version…Eventually we get to a point where all these breaks would be classified properly. And we would have enough data to tell,

“This is a break. This is a legitimate conversation.” 

But the thing is: The LLMs are evolving, just like web applications are constantly evolving. There’s always a new version being released. With new versions and new technology come new vulnerabilities and new human ingenuity.

Most models are trained at least at some level on malicious prompts. If you go to pretty much any model today and just say, “ignore previous instructions,” they have been trained so well that this is a malicious request and they just say, “No, I can’t.” This makes it harder. They also have been trained on content classifiers. 

So, whatever your input is, it’s going to go to a classifier set and try to infer the context: Is this harmful? Is this self-harm? Is it sexual? Is it swearing? Is it biochemical weapons? Or is it just safe? Is it curiosity? Is it for educational purposes?

There’s a big list of content classifiers that go through, and then it gets set scores…The content classifier is what makes our job harder today, but they’re still being developed. They’re still being trained, and there’s a lot of room to break stuff.

Am I suddenly in the mix now, as an English major, to be an ethical hacker? Do you think the pen-tester skill set has changed?

Before you would need a lot of experience with computers to understand what’s going on in the background. But now you’re just using natural language, and then you’re just asking a bot in different ways to do stuff, and then it can work. So, that’s definitely made it more accessible. However, what makes a difference in people who are ethical hackers, in the more classic sense before AI, is that they have a knowledge of, 

 Cybersecurity tester Joey Melo wants to break your AI with a prompt

 What an AI red teamer thinks about the breakability of today’s LLMs.

Brianna Monsanto

There’s no “I” in team, and there surely isn’t one in ransomware either. For this reason, cyber resilience platform Halcyon is extending an olive branch both to the public and private sectors to tackle the threat of ransomware as a collective.

Last month, Halcyon debuted its Ransomware Research Center (RRC), an initiative that aims to bring threat researchers, policy leaders, and other stakeholders together to produce ransomware-focused threat intelligence, share expertise, and “take collective action at scale.”

The public–private coalition is led by Cynthia Kaiser, who is SVP of the initiative. Kaiser, a former deputy assistant of the FBI’s cyber division, told IT Brew that the impetus for launching the RRC was to foster collaboration within the industry and its different players to better address the threat of 

“There’s so many other entities out there with so much good information and right now, we all put it out so piecemeal,” Kaiser said. “What we wanted to do was to create a way in which we could bring people together [and] talk about things that are comprehensive.”

Kaiser explained the industry as a whole has yet to find a way to “holistically” tackle and reduce ransomware. She said there are also gaps present in how the industry and government work together to defend against cyber threats.

“There’s certainly ways in which industry has a lot more information than the government,” Kaiser said. “There’s things the government has that they could really share a lot more on, too.”

 Kaiser said the RRC will create “baselines” on threat actor profiles and communicate where people can go to obtain basic information related to ransomware, such as how many attacks have occurred during the year.

“That seems simple, but it’s actually really difficult and can really cause a lot of issues,” she said.

Kaiser also sees potential opportunities to collaborate with Information Sharing and Analysis Centers and startups to share industry-specific ransomware intelligence and create more comprehensive intelligence.

Ransomware continues to pose a rampant threat across different industries. For instance, 

 that examined both confirmed and unconfirmed ransomware attacks worldwide found that there were 464 total incidents in the month of July alone.

Ven Auvaa, director of information security at ArmorPoint, told IT Brew that having an initiative with a specialized focus on ransomware and one that bolsters collaboration between the 

“Having one center where we have ransomware specialists and threat researchers all working together, instead of just one single person working for one single organization, that’s going to…allow for a lot more deeper research.”

Pixelated mouse arrows attacking personal screens.

Halcyon launches public–private coalition to combat ransomware

Halcyon’s Ransomware Research Center SVP says the industry currently puts out information on ransomware in a “piecemeal” fashion. 

Like most teenagers in the early 2000s, Marcin Kleczynski spent a lot of time on the family computer.

The Kleczynski household was home to a white Dell CRT Monitor, the kind the Malwarebytes co-founder and CEO told IT Brew practically everyone had at the time. On it, he would play videogames that he obtained through “nefarious” means—until the clunky PC fell victim to 

, malicious software that caused a host of problems for the devices they occupied, such as slower performance and pesky pop-ups.

“Long story short, [I] downloaded what I thought was a video game to play and the computer starts acting funny,” he said.

“Here I am, in the basement of my parents’ house. We’ve got a computer for the first time, and I broke it,” Kleczynski said.

He quickly took to the internet to find a way to salvage his computer. Fortunately, a volunteer on a spyware-focused online messaging forum came to Kleczynski’s aid, supplying him with instructions to nurse his PC back to health.

“I decide I want to stick around this community because I saw her as a superhero online helping people like me clean up their computer for free,” Kleczynski said.

Kleczynski—who always had an affinity for computers, recalling one time during high school when he built a PC from scratch in front of his peers (“it wasn’t that hard,” he said)—quickly submerged himself in the spyware community, helping out others in need. During his time there, he realized that volunteer spyware warriors like himself were relying mostly on crowd-built resources.

“To me, that was a massive disconnect,” Kleczynski said, questioning why the online volunteers weren’t getting paid for their efforts and why they only had “hacked-together” tools to work with.

This prompted Kleczynski, along with a few colleagues he met within the makeshift spyware community, to launch Malwarebytes in 2008. He said part of what made the cybersecurity company so successful was that it acted as a “wing man” to the larger security companies.

“We would tackle the most aggressive threats, the ones that were most prolific, the ones that were affecting people in the harshest ways, and we would also work collaboratively with these message boards of people trying to help others, and [became] a tool for that superhero,” Kleczynski said.

He added that the company’s choice to provide its core services for free also distinguished it from other players in the industry.

“We were…giving the cure away for free and offering a vaccine for a nominal lifetime cost at the time,” Kleczynski said. “So, I think that’s really what set us apart.”

Alex Eckelberry was the CEO of security software company Sunbelt Software in the early 2000s, another company entrenched in the spyware space and a direct competitor of Malwarebyes at one point. Eckelberry spoke highly of the cybersecurity software company when reflecting on its role in the spyware epidemic.

“They were the best at removing stuff. They could remove anything, and the reason Malwarebytes was so good was because their technology was good, but they also came out of that community,” said Eckelberry, who later served as a general manager and board member of Malwarebytes.

While today, spyware may feel like a blast from the past, Malwarebytes is still up and kicking. The company claims it serves millions of customers around the globe and currently blocks more than 90 million web threats and malicious sites in a typical month.

Kleczynski attributes the company’s success to its move to separate its enterprise and consumer businesses. In 2023, Malwarebytes launched ThreatDown, a distinct rebranding of its Malwarebytes for Business solutions geared toward businesses, partners, and managed service providers.

“Businesses are worried about very different things than consumers and so to have the same product offering, go-to-market strategy, [and] website brand didn’t make much sense,” Kleczynski said. He added that while organizations tend to focus on things like network security, consumers are more interested in identity protection.

 Kleczynski said Malwarebytes sees an even amount of demand from the two customer segments. Right now, his focus is on the long-term strategy of the business as it comes of age.

“What do we want to be when we grow up after 18 years?” Kleczynski said. “I guess we’re a teenager as a company. It’s crazy.”

Marcin Kleczynski against a purple background with two white flowers.

How Malwarebytes CEO Marcin Kleczynski accidentally became the internet’s spyware defender

It all started with an old white Dell PC and pirated video games. 

Eoin Higgins

Ask Huntress CEO and co-founder Kyle Hanslovan about the future of the cybersecurity industry’s public-private partnership and you’ll get a long answer.

Hanslovan, who spent 16 years in US intelligence before launching Huntress a decade ago, is no stranger to the back and forth between agencies and the corner office. Add to that the reality of the federal government and its interplay with the states and you have a recipe for, if not disaster, certainly confusion.

IT Brew had a chance to catch up with Hanslovan in early August, and we asked him where the public-private partnership goes next in an era of budget cuts and an uncertain federal commitment.

This interview has been edited for length and clarity.

As we’ve reported, budget cuts have impacted cybersecurity programs at the federal level. The public-private cybersecurity partnership in the US has long been a point of pride for the industry—where are things at now?

At the end of the day, there is stuff that the government will not be funded to do. Today, it might be more on the states to handle things. Tomorrow, it could be more on federal, but I think we have to acknowledge that hope is not a very good strategy.

Private business is in many ways stepping up for some of that predictability… I’m not promoting vigilante hacking, but I think there should be a lot more collaboration when vendors and folks like us see mistakes. 

Whether it’s a cybercriminal doing something and they leave a door open, or they leave a password available, I’m not so sure there shouldn’t be a rapid response capability in the government that says, “I found this mistake.” The government should be able to leverage it.

So it’s safe to say that you’re in favor of the public-private relationship?

Public and private relationships are critical, but we are still very immature on how we collaborate to support offensive operations against cybercrime and nation-state threat actors.

Sometimes it seems the government moves a little slowly on these threats. In the US we have federal and state governments, for example, with differing regulations and policies. How does that play into reaction time and defender decisions?

We just bombed a country without congressional approval. If we really, as a federal government, wanted to take a quick reaction to a threat actor in cyber, we’d do it. We're not. Let’s call that spade a spade first.

Second, I don’t think we should have the ability to fire from the hip and not ask for permission, right? I do think asking for permission is important. Oversight is very important.

There is a hell of a lot of bureaucracy, and the people paying for it are not the largest companies with unlimited budgets and unlimited staff. The people paying for it are the businesses that are the backbone of our economy that don’t have access to unlimited talent, or have limited budgets, or people overworked and underresourced.

This starts with decisive leadership that’s willing to take a more firm stance—and that might mean some imperfection. I think it starts with our new secretary of defense. We’ve talked about returning to the warrior ethos of the military. I would like to see that warrior ethos extend to how public and private collaborations in cyberspace help arm and protect, whether it’s any democratic Western government, let alone the citizens behind it. I think this is something that we really need to consider if we want to keep our edge over cybercrime.

When you look at the state of the last decade in public-private efforts to push back on cyber threats, where do you see us headed? How does the danger of attackers manifest itself?

The next 10 years are going to require better collaboration, better automation, and, to be honest, more reactivity with urgency, even better proactivity or getting ahead of these threats before they happen.

There’s a lot of infrastructure, bureaucratic overhead, a lot of really hard things. Who do you get a hold of if you find a hacker doing this? Do you call the FBI? Do you call the internet cybercrime center? Do you call DHS? Do you call CISA? Do you call the NSA, the CIA? We have to figure it out because the one thing that threat actors have is they’re very small. They’re very agile, and they don’t have the same overhead of the system.

Public-private cybersecurity partnership is strong, but there are still improvements to make

“Hope is not a very good strategy,” Huntress CEO Kyle Hanslovan tells IT Brew.

Ask Huntress CEO and co-founder Kyle Hanslovan how his company has made it 10 years and he might quote Taylor Swift.

“It’s that Taylor Swift song that talks about ‘haters gonna hate’—there’s a reason people don’t go 10 years. There’s a reason why most founders sell early or close up shop early,” Hanslovan said. “You have some weird obsession with rejection or proving people wrong.”

That drive to prove the haters wrong in spite of continued adversity is a central part of Hanslovan’s philosophy, he told IT Brew in a recent interview. Today, Huntress has a 

 that focuses on threat detection, Huntress offers products to assist in identifying malicious actors and raising the alarm.

“Thank goodness it worked because now I can tell successful stories about it, instead of ‘hold my beer’ stories that didn’t go so well,” Hanslovan said. “It’s cool, looking back 10 years now and saying, ‘Well, I guess we got something right.’”

-esque backstory. As a kid in the ’90s, trying to access the internet, Hanslovan found himself in some “shady” places. He went into the Air Force out of high school, focusing on intelligence and computers. Hanslovan then spent most of his 16-year career in the service pursuing threats in the tech space; the same shady approach he had deployed to get online when he was younger served him well in the public sector—and, once he went private, in how to build a threat-hunting company.

“I realized that if I was going to go toe to toe with hackers that were going after not the Fortune 500 businesses, but the real core backbone of global economies, I was going to have to do things differently,” Hanslovan said.

That meant making decisions about how to approach threat actors—and, often, the approach didn’t lend itself to an ethical solution. Instead, Hanslovan told IT Brew, he operated in a way that allowed him to be “slightly in the gray that pushes the boundaries and do it differently.”

With his public sector work giving him a window into the criminal underbelly of tech, Hanslovan was able to put himself in the attackers’ mindset. In doing so, his skill level increased to the point where he knew he was going undetected as he observed criminals and nation-state actors.

“When you’re gathering intelligence, you’re often sitting on a computer with, sometimes, cybercriminals on the same computer; sometimes it's other nation-state actors,” Hanslovan said. “So imagine me, as a serviceman, looking at these going, ‘Oh man, I know these other hackers are on this computer, but they have no freaking clue that I'm on this computer.’ That's a pretty exciting moment.”

Hacking “semi-ethically” for his intelligence work led to Huntress. Hanslovan credits the confidence he built up as key to putting the company together and as a necessary driver, as the early days of a startup are often fraught with rejection and dismissal.

Now that Huntress is well established—and could go public—Hanslovan and his team need to decide what the next decade looks like. It’s a “spicy thought,” Hanslovan said, but investing in cybercrime at this moment might be a better use of funds given the industry’s state of play. As bleak as that might be, Hanslovan, and Huntress, will continue to push forward.

“The pace of innovation in the cybercrime world is outpacing small enterprises, especially small businesses,” Hanslovan said. “I’m looking at the next 10 years going ‘I got to work just as hard as my first 10 years,’ but now I’ve got a hell of a lot more gray hair. I’ve also got a hell of a lot better lessons learned.”

Huntress CEO Kyle Hanslovan’s journey from ‘shady’ youth to billions of dollars in valuation

“It’s cool, looking back 10 years now and saying, ‘Well, I guess we got something right,’” Hanslovan tells IT Brew.

When KnowBe4 data-driven defense evangelist Roger Grimes reveals his employer to people, he is typically met with one response.

“The first year or two I was at KnowBe4, people would say, ‘Where do you work?’ I’d go, KnowBe4 [and] they couldn’t pronounce it…Now, when I tell people I work for KnowBe4, they’re like, ‘Oh, I just failed one of your tests,’” Grimes said.

That’s because of how ubiquitous KnowBe4 has become in the cybersecurity industry. Almost 70,000 organizations rely on KnowBe4, with an upward of 50 million users using its platform everyday.

“You can go to London, you can go to Rome, you can go to New York, and everywhere it’s default. It’s KnowBe4,” co-founder and CEO of security platform Anetac Timothy Eades said.

While employees may only be able to recall failed phishing simulation tests and compliance training when they think of KnowBe4, the security awareness training company has completely turned the cybersecurity industry on its head and modernized a once antiquated way of learning. IT Brew caught up with Grimes to discuss KnowBe4’s early days and how it won the trust of thousands of companies.

 KnowBe4 was founded in 2010 by Stu Sjouwerman. At the time, Sjouwerman’s anti-malware software company Sunbelt Software had just been acquired by GFI Software.

“He sells the company, makes his millions, and within five days, he’s sitting at home bored and he’s like, ‘I want to form another company,’” Grimes said. He added that Sjouwerman had become cognizant of the threat of 

 and unpatched software, causing him to dedicate KnowBe4 to defending against such threats.

In 2011, a year after launching, Sjouwerman brought on Kevin Mitnick, a renowned hacker and security consultant, as chief hacking officer and partial owner of KnowBe4. Grimes said Mitnick, who 

, had been a “very early proponent” of social engineering. As videos Mitnick made began to gain traction, Grimes said Sjouwerman decided to focus more on training content. This move, along with a large ransomware incident at the time, propelled KnowBe4 into a state of growth.

From there, Grimes said KnowBe4 helped to quantify the extent of the social engineering problem and prove the importance of security awareness training. A 2023 KnowBe4 white paper shows that users who receive simulated phishing tests multiple times per week for more than a month saw a 96% improvement rate in their phish-prone percentage rate (KnowBe4 defines this as the “ability of a user to flag a potential phishing email”).

“Back when we started, it was just one of the problems, like bubbles in a glass of champagne,” Grimes said. “But we’re the ones to come out and say, ‘Hey, one of those bubbles is significantly bigger than all the others.’”

Making security awareness training, dare I say, fun? 

Grimes told IT Brew that part of what differentiated KnowBe4 from other security awareness training providers at the time was the platform’s ease of use.

“With some of the other competitors…you would go to an educational class and they certify you,” Grimes said. “Ours was just open up the interface and look. If you can’t be up and running within an hour, we haven’t done our job.”

However, others observed a fundamental shift in how security training was delivered and consumed after KnowBe4 hit the scene. Dev Nag, founder and CEO of QueryPal, an AI-powered ticket automation company, told IT Brew that security awareness training previously focused mainly on telling users in a simplistic manner what good cyber hygiene practices were.

“It’s almost like trying to learn how to play baseball by watching a video, but not actually ever swinging a bat,” Nag said.

Nag said KnowBe4, among others, introduced a “second generation” of training videos that not only told users what they should be doing, but also made sure they understood what they were learning in real time.

“KnowBe4 is actually like, ‘Let’s get you some bats. Let’s actually see how you swing the bat against a real live pitch and when you fail, we’ll show you how you failed and make you better at it,’” he said.

Eades added that KnowBe4’s recognition that social engineering is an “everyone problem” allowed the company to create a “go-to-market flywheel” that allowed it to penetrate the security awareness training market.

“Their M&A model was just plugging in more things that they could put into…the existing go-to-market model,” Eades said. Over the years, KnowBe4 has acquired several companies, including cloud email security firm Egress, security awareness platform SecurityAdvisor, and video production company Twist and Shout Group.

Nag said KnowBe4’s ability to invoke a “visceral experience” when training and informing end users through its video series 

, a “cybersecurity thriller” that explores different cybersecurity-related themes, was also a game changer for the company. Grimes said the ongoing, award-winning series, which now has run six seasons, has been so positively received that customers often call KnowBe4 asking when the next season is coming out. KnowBe4 data shows that those who watched between one-to-nine episodes of 

 saw about a decrease of 9 percentage points in phish-prone percentage rate.

“You know you’ve made good content when they’re calling you to get more training,” Grimes said.

 Grimes said discussions with customers and emerging threat trends help to shape the type of content the company will focus on in a given year. One of the company’s 2026 videos, for example, will focus on 

“We are sure by the end of 2025, and certainly into 2026, it’s going to be a major problem…so today, we’re making those videos and going to put them out there,” Grimes said.

As attackers continue to leverage AI to launch more sophisticated attacks at end users, Grimes suspects that 

 companies will need to leverage that same tool to deliver more tailored content.

“The future of security awareness training is this very individual, specific training curriculum just for you that is different than anybody else in your company,” Grimes said. “And that’s what we’re working toward and pushing toward.”

Eades said this transformation will be essential for every player in the market moving forward.

“You’ve got a tectonic shift coming with AI-based human attacks on the human layer,” Eades said. “The technology needs to step up and be more AI-infused because you’re going to have to fight AI with AI.”

Over the shoulder view of a young woman using laptop, using her phone to verify her password.

How cyber firm KnowBe4 gave security awareness training a much-needed facelift

“The future of security awareness training is this very individual, specific training curriculum just for you that is different than anybody else in your company,” Roger Grimes tells IT Brew. 