Detonation Point

Episode 31 - Fixing Cybersecurity Training: From Punishment to Results with Craig Taylor

Most cybersecurity training doesn’t work… and it may actually be making your organization less secure.

Craig Taylor of CyberHoot joins Matt O’Neill to break down why phishing tests, punishment-based training, and compliance checklists fail to change employee behavior. With 30+ years in cybersecurity and a background in psychology, Craig shares a different approach focused on engagement, reinforcement, and real-world outcomes.

In this episode of Detonation Point presented by Elastio, you’ll learn how to build a security-first culture, why positive reinforcement beats punishment, and the simple controls like password managers and MFA that help prevent real-world breaches.

Resources

Learn more about CyberHoot or request a demo:

  • https://cyberhoot.com

Use referral code DETONATION POINT to receive 20% off your first year when you sign up for a free trial.

Takeaways

  • Most cybersecurity training fails because it doesn’t change behavior
  • Punishment-based approaches reduce engagement and create risk
  • Positive reinforcement and gamification drive better security habits
  • Password managers and MFA are critical to preventing real-world breaches
  • Compliance doesn’t equal security - culture and behavior matter most

Chapters

00:00 Intro to Cybersecurity Expert Craig Taylor

01:55 The Human Element in Cybersecurity

03:15 Why Security Training Fails

06:09 The Psychology Behind User Mistakes

07:32 Real Phishing Attack Example

08:35 Fixing Security Culture (Reward vs Punish)

11:29 Gamification and Engagement in Cyber Training

13:38 Work vs Personal Email Security Habits

16:19 Advanced Phishing, AI & Social Engineering

21:00 Preventing Fraud (Safe Words & Verification)

25:21 SMB Risks, Passwords & MFA

30:35 Compliance vs Security in Cyber Practices

35:57 Outro & More Information

About Our Founding Sponsor, Elastio

This podcast is proudly presented by Elastio, the control point for cyber resiliency—because survival depends on clean recoveries. As our Founding Sponsor, Elastio continuously validates backups, bridging the gap between security tools and immutable storage. With AI-driven detection and zero-day recovery, Elastio ensures data is clean, uncompromised, and always recoverable. Learn more: www.elastio.com