- What: Discussion on improving security awareness through positive reinforcement
- Impact: Organizations may rethink their training programs
Training, Security Strategy, Plan, Budget, Endpoint/Device Security

From Shame to Fame: Changing Behaviors and RSAC Interviews from Tanium and Illumio – Craig Taylor, Tim Morris, Andrew Rubin – BSW #444

April 22, 2026

Full Segment Notes

Why have security awareness training programs failed? Maybe we need to understand human psychology. Humans don't like tricks, or to be shamed, or negative emotions. Humans want to be rewarded, yet our training and phishing programs are not built for reward. Maybe it's time to rethink cyber literacy.

Craig Taylor, CEO and Co-founder at CyberHoot, joins Business Security Weekly to discuss why we need to shift our Cyber Literacy industry from shame and punishment towards gamification, positive reinforcement, and small rewards. If we truly aspire to change behaviors, then we need a different approach. Craig will discuss how a multi-disciplinary approach rooted in science is the future of training and phishing programs.
Segment Resources:
- Individual Registration (Free Personal Training for Life): https://cyberhoot.com/individuals/
- Newsletter Registration: https://cyberhoot.com/newsletters/
- Blog Articles: https://cyberhoot.com/blog/
- Cybrary (Library of 1000+ Cybersecurity Terms in non-technical language): https://cyberhoot.com/cybrary/
- Special Podcast Offer: 20% off CyberHoot for 1 year using the podcast's unique coupon code: "Business Security Weekly"

From Reactive to Autonomous: Real-Time Endpoint Intelligence in the Age of AI

As organizations experiment with agentic AI and autonomous security operations, many are discovering a difficult reality: AI is only as effective as the data and visibility behind it. Yet most enterprises still struggle to answer basic questions about their endpoints in real time. In this conversation, we'll explore how IT and security teams are evolving from reactive operations toward proactive, preventative, and ultimately autonomous models. The journey begins with real-time endpoint intelligence—the ability to see, understand, and act across every endpoint in seconds.

This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumrsac to learn more about them!

Hard Truths: The Lies We Keep Buying in Cybersecurity

Cybersecurity isn't broken because of a lack of technology—it's broken because the industry avoids hard truths. Fear still drives budgets. AI is oversold as a cure-all while foundations remain weak, and CISOs are held accountable without the authority to change outcomes. In this conversation, Illumio CEO and founder Andrew Rubin breaks down what must change to build real resilience—because the next breach won't just impact the business, it could end a career.

For more information about Illumio, please visit: https://securityweekly.com/illumiorsac

Guests

Craig Taylor
CEO and Co-Founder at CyberHoot

Craig Taylor has been a Certified Information Systems Security Professional (CISSP) since 2001 and is a 30-year veteran of cybersecurity.
In 2014, he co-founded CyberHoot, a cybersecurity awareness training company built on a simple but powerful premise: people learn better through positive reinforcement than through fear. Today, CyberHoot trains end users worldwide in 17 different languages. Craig also leads a cybersecurity consultancy that has delivered virtual Chief Information Security Officer (vCISO) services to more than 50 companies across a wide range of industries and sizes.

Throughout his career, Craig has led cybersecurity organizations at the intersection of high stakes and high complexity. He built and led security teams in web hosting at CSC, financial services at JP Morgan Chase, and manufacturing at Vistaprint, each environment demanding a different approach to culture, risk tolerance, and human behavior. Those experiences taught him that the hardest cybersecurity problems are rarely technical. They are organizational. Getting people to change behavior, make better decisions under pressure, and take ownership of their role in security requires the same skills as any leadership challenge: trust, clear communication, and a culture where doing the right thing is rewarded rather than punished. That insight is the foundation CyberHoot was built on.

Beyond the business, Craig brings a lifelong commitment to service and personal development. He is a Toastmaster, a Rotarian in Portsmouth, NH, and a 12-year Pan-Mass Challenge rider who has raised more than $150,000 for Dana-Farber Cancer Institute, covering 192 miles every August in support of cancer research.

Tim Morris
Chief Security Advisor at Tanium

Tim is a visionary leader and an IT and cyber security expert, with decades of experience across industries. He joined Tanium after retiring from Wells Fargo, where he was an SVP and led several teams in cyber operations, engineering, and research. He holds 25 US patents and has written many articles on cyber security topics.
He is also a trusted source of insights and opinions for major publications and web shows, where he shares his knowledge and passion for the field. Tim started his IT career as a developer and sysadmin in manufacturing, then moved to banking, where he worked on software packaging, scripting, Active Directory administration, and M&A projects. He has been dedicated to cybersecurity since 2009, specializing in areas such as detection and response, systems and patch management, vulnerability assessment, web-content filtering, malware analysis, red-teaming, and digital forensics.

Andrew Rubin
CEO and Founder at Illumio

As Founder, CEO, and Board Member of Illumio, Andrew is responsible for the overall strategy and vision of the company. With deep expertise in Zero Trust, segmentation, network security, and regulatory and compliance management, Andrew is the Executive Sponsor of many of Illumio's largest customers worldwide, including Citi, HSBC, Salesforce, and Microsoft. Andrew frequently participates in panels, articles, and podcasts for leading industry events and publications. Andrew was named to Goldman Sachs' "100 Most Intriguing Entrepreneurs" seven times as part of its Builders & Innovators program and received Ernst & Young's Bay Area Entrepreneur of the Year 2024. Andrew serves as a Board Member of Emigrant Bank, as well as an advisor to several cyber and technology start-ups, and is an active angel investor. Andrew graduated from Washington University in St. Louis with a BSBA in Finance, and he is both a guest lecturer on entrepreneurship and a National Council member of the Skandalaris Center for Entrepreneurial Studies at the university.

Hosts
- Matt Alderman
- Ben Carr
- Jason Albuquerque
- Summer Fowler

Announcements

If you're a CISO in financial services, you're under pressure from every direction: AI-powered fraud, relentless phishing, regulatory scrutiny, and a threat landscape that's evolving faster than your defenses. The question is...
are your current strategies actually keeping up? Join us on April 22 for the FinSec Virtual Cybersecurity Summit. Hear how leading CISOs are tackling real-world challenges like third-party risk, identity exposure, and operational resilience without burning out their teams or budgets. Get practical strategies, earn CPE credits, and walk away with a clearer path forward. Security Weekly listeners can register for free at https://securityweekly.com/finsec using the promo code: CSS26-SW