Oh boy, IA training!

Because the training should be for people who fail the “random” tests not for everyone.

All the test email come from mail.nova.phishme.com so I have an outlook rule that sends all those emails to junk, effectively making the test useless but makes me look like someone who has a 100% reporting rate.

Awareness training is often a red herring to blame systemic failures on individual employees. No matter how much training you give, people are still going to click those phishing links. That’s because phishing emails are often indistinguishable from real emails and clicking links is a regular part of their job.

It is much more effective to use technical controls. Prevent phishing emails from ever landing in the inbox. Give employees the proper tools and disable footguns. Have a procedure for when an employee inevitably does get phished.

You have no soul Kermit. you’re a puppet.