Episode 173: Scammer Jousting as Human Risk Management
Wed Feb 04 2026
In episode 173 of Cybersecurity Where You Are, Sean Atkinson is joined by Roger Grimes, CISO Advisor at KnowBe4. Together, they discuss "scammer jousting," a term coined by Tony Sager which describes empowering organizations to manage human risk using simulated phishing.
Here are some highlights from our episode:
01:05. How simulated phishing and scammer jousting manage human risk03:48. The shift in perception of security awareness training over the past 20 years06:19. The need for testing to build capability and resiliency amongst employees09:27. The many faces of phishing attacks and the impact of generative artificial intelligence15:00. How gamification is proven to help users learn more in their cybersecurity training16:57. How data empowers organizations to communicate the potential impact of a phish19:57. The use of behavior engineering to foster a stronger security culture23:56. The value of customer feedback in continuously enhancing phishing training29:52. Continuous and hyper-personalized training as the future of spammer joustingResources
Episode 77: Data's Value to Decision-Making in CybersecurityEpisode 98: Transparency as a Tool to Combat Insider ThreatsA Short Guide for Spotting Phishing AttemptsCIS Controls v8.1 Security Awareness Skills Training Policy TemplateSANS Workforce Security and Risk TrainingThe Evolving Role of Generative Artificial Intelligence in the Cyber Threat LandscapeEpisode 110: How Security Culture and Corporate Culture MeshIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
More
In episode 173 of Cybersecurity Where You Are, Sean Atkinson is joined by Roger Grimes, CISO Advisor at KnowBe4. Together, they discuss "scammer jousting," a term coined by Tony Sager which describes empowering organizations to manage human risk using simulated phishing. Here are some highlights from our episode: 01:05. How simulated phishing and scammer jousting manage human risk03:48. The shift in perception of security awareness training over the past 20 years06:19. The need for testing to build capability and resiliency amongst employees09:27. The many faces of phishing attacks and the impact of generative artificial intelligence15:00. How gamification is proven to help users learn more in their cybersecurity training16:57. How data empowers organizations to communicate the potential impact of a phish19:57. The use of behavior engineering to foster a stronger security culture23:56. The value of customer feedback in continuously enhancing phishing training29:52. Continuous and hyper-personalized training as the future of spammer joustingResources Episode 77: Data's Value to Decision-Making in CybersecurityEpisode 98: Transparency as a Tool to Combat Insider ThreatsA Short Guide for Spotting Phishing AttemptsCIS Controls v8.1 Security Awareness Skills Training Policy TemplateSANS Workforce Security and Risk TrainingThe Evolving Role of Generative Artificial Intelligence in the Cyber Threat LandscapeEpisode 110: How Security Culture and Corporate Culture MeshIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.