In this episode of Cybersecurity Today, host Jim Love explores the complex dynamics of cybersecurity training with guests Michael Joyce and David Shipley. They discuss the importance of continuous awareness and the temporal decay of training effects. The conversation highlights the critical balance between training frequency and effectiveness, with data suggesting that monthly phishing simulations and quarterly training interventions offer optimal results. Despite recent headlines claiming phishing training is ineffective, the discussion underscores the nuanced understanding required to navigate cybersecurity education. The episode also delves into academic versus business perspectives, emphasizing the importance of empirical research and critical thinking in developing effective cybersecurity strategies.

00:00 Understanding Human Vigilance and Awareness Decay 00:33 Introduction to Cybersecurity Today 00:46 Meet the Experts: Michael Joyce and David Shipley 01:39 Exploring the Human-Centric Cybersecurity Partnership 03:38 The Role of Liberal Arts in Cybersecurity 04:23 Challenges in Cybersecurity: Technology vs. Human Behavior 06:34 The Importance of Independent Research in Cybersecurity 12:30 Analyzing Cybersecurity Awareness Month 18:32 Phishing Simulations and Security Fatigue 23:14 The Impact of Training on Phishing Awareness 39:38 Experimenting with Phishing Training Frequency 39:51 Critiques and Insights on Cybersecurity Training 41:51 Optimal Training Intervals and Their Impact 43:23 The Role of Awareness in Cybersecurity 44:13 Understanding Phishing Reporting and Skills Decay 45:22 Ethical Considerations in Phishing Simulations 46:38 New Data on Why People Click Phishing Links 55:52 The Importance of Psychological Safety 57:23 Debunking Misleading Headlines on Phishing Training 01:05:44 The Complexity of Cybersecurity Research 01:16:41 Final Thoughts and Recommendations

The Evolving Landscape of Cybersecurity Training: Effective Strategies and Misleading Headlines