In a recent episode of Phishing for Answers, Joshua Crumbaugh sat down with Bob Fabien (BZ), Navy Reserve Cyber Warfare Commander, to dive deep into the critical aspects of cybersecurity that often go overlooked. Their conversation highlighted the importance of human-centric training and simulation as the bedrock of effective defense strategies.
The Role of Training in Cybersecurity
BZ emphasized a key lesson from his career: the human element is both the weakest link and the greatest asset in cybersecurity. Attackers often bypass technical defenses by exploiting individuals through phishing or social engineering attacks. As BZ put it, “Sometimes I wish we had security patches for the brain.” While that’s not possible, the solution lies in effective training.
Simulations, as BZ explained, are a way to “plant human virus definitions”—a method of embedding recognition patterns into people’s minds so that they instinctively recognize and resist phishing attempts. He drew a parallel to the identical elements theory, which explains how repetition can engrain behaviors, much like recognizing a car model after you’ve bought one.
Behavioral Science and Effective Training
Crumbaugh, drawing from his extensive experience in ethical hacking and red teaming, expanded on the idea of using behavioral science to combat social engineering. By employing principles such as spaced learning theory, PhishFirewall delivers micro-training sessions in short, high-frequency intervals. These TikTok-style videos are not only engaging but also incredibly effective in ensuring users retain the information they need to stay safe.
As Crumbaugh noted, “We’re not just checking compliance boxes; we’re changing behavior.” This is where PhishFirewall’s value proposition comes into play. Through a combination of Zero-Campaign Management and Security AI-wareness Training, PhishFirewall reduces the number of incidents, improves time-to-detection, and, ultimately, stops ransomware before it can cause damage.
Culture of Cybersecurity
Both experts agreed that building a culture of cybersecurity is crucial. This includes rewarding positive behavior rather than penalizing mistakes. BZ discussed how he encourages organizations to make cybersecurity fun and interactive, creating a supportive environment where users feel comfortable reporting phishing attempts.
At the heart of their conversation was the belief that every employee is part of the cybersecurity team, whether they realize it or not. This philosophy is why PhishFirewall’s human-first approach to cybersecurity is so effective. By focusing on education, engagement, and behavioral change, PhishFirewall ensures that every team member—from executives to entry-level employees—becomes a formidable line of defense.
BZ and Crumbaugh’s conversation offers a powerful reminder that cybersecurity isn’t just about technology—it’s about people. PhishFirewall takes this principle to heart, using micro-training, AI-powered simulations, and a behavioral science-based approach to stop phishing attacks and ransomware in their tracks.
PhishFirewall offers two guarantees:
Sub-1% phish click rate guaranteed in the first 6 months
120-day satisfaction guaranteed!