In this compelling episode of Phishing for Answers, Wendy Nather, an icon in the cybersecurity industry, joins PhishFirewall CEO Joshua Crumbaugh to challenge the assumptions and practices that define cybersecurity awareness today. With insights from her decades-long career, Wendy brings fresh perspectives on how the industry can do better at empowering people, fostering secure behaviors, and building effective defense mechanisms.
The conversation opens with an eye-opener: research suggests traditional security training might actually increase susceptibility to phishing. Wendy recounts her experience running extensive, optional security awareness classes, only to discover that attendees were more likely to fall for phishing simulations. Joshua shares similar findings, noting that traditional awareness methods have changed little in decades and are often too complex, leading to disengagement.
“The key is making training accessible and engaging—not creating an overload that drives people away from learning,” Joshua notes. “PhishFirewall’s approach keeps it simple, targeted, and relevant to each user’s role.”
Both Wendy and Joshua stress the importance of role-based training tailored to the specific needs of different departments, from IT to finance. Wendy discusses her research, which found that companies implementing role-based training see measurable improvements. When employees understand how security affects their day-to-day work, they are more vigilant and empowered to protect themselves and their organization.
“Nothing is more rewarding than when an employee comes forward to report something suspicious,” Wendy reflects, highlighting the importance of a safe and open environment in cybersecurity.
The traditional view of employees as the “weakest link” in cybersecurity needs to change. Wendy and Joshua agree that employees are a company’s greatest asset—if given the right tools and environment. Wendy advocates for creating a safe space where users feel comfortable reporting their mistakes, which is crucial to fostering a strong security culture.
“We should praise users for reporting suspicious activity, not shame them,” Joshua adds. “Building confidence is key, and PhishFirewall prioritizes positive reinforcement in all its training.”
This episode underscores the innovative methods PhishFirewall uses to modernize cybersecurity training. From personalized, role-based microtraining to AI-driven simulations, PhishFirewall’s approach ensures that training is not only effective but continuously evolving to stay ahead of threats.
For a deeper dive into these insights, listen to the full episode of Phishing for Answers with Wendy Nather and Joshua Crumbaugh. Learn why questioning everything in cybersecurity is not just encouraged—it’s essential.
Learn more about PhishFirewall here: https://www.phishfirewall.com/landing-page/podcast
PhishFirewall offers two guarantees:
Sub-1% phish click rate guaranteed in the first 6 months
120-day satisfaction guaranteed!