Training on Fiction While the Real Threat is in Your Inbox (opens in new tab)

In this blog, Josh Bartolomie argues that many security awareness programs rely on predictable phishing simulations that inflate success metrics without improving real-world defense. They highlight that modern phishing attacks, increasingly powered by AI and real-world context, have outpaced these outdated training methods, leaving organizations exposed despite “good” results. Bartolomie advocates for threat intelligence–driven training and emphasizes measuring employee reporting behavior, po...