In this episode, host Jim Love discusses the importance of cybersecurity awareness and training, featuring insights from Michael Joyce of the Human-Centric Cybersecurity Partnership at the University of Montreal and David Shipley of Beauceron Security. They explore the impact of cybersecurity awareness programs, the decay of sustained vigilance post-training, and the nuances between phishing reporting and clicking behaviors. The conversation also critiques recent research claims that question the efficacy of phishing training, emphasizing the need for continuous, empirically supported approaches in cybersecurity education. The episode highlights the value of balanced, layered defenses involving both technical solutions and informed user behavior.

00:00 Introduction and Podcast Announcement
00:14 Sponsorship Acknowledgment
00:35 The Nature of Cybersecurity Awareness
01:09 Introduction to the Research Show
01:21 Guest Introductions
02:15 Human-Centric Cybersecurity Partnership
03:46 The Importance of Canadian Research
04:40 Cybersecurity and Culture
05:27 The Role of Research in Cybersecurity
07:12 David's Research and Collaboration with Michael
08:46 The Value of Independent Research
13:33 Cybersecurity Awareness Month Impact
17:23 Phishing Simulation and Reporting
23:49 Awareness Decay and Vigilance
30:55 The Importance of Reporting and Feedback Loops
40:00 Optimal Frequency for Cybersecurity Training
40:27 Critiques and Misconceptions in Phishing Training
42:00 Empirical Data and Training Effectiveness
43:19 Insights from Phishing Simulations
47:14 Understanding Why People Click
52:43 Challenges in Cybersecurity Research
01:04:06 The Importance of Layered Defenses
01:17:17 Concluding Thoughts on Cybersecurity Training