Most experienced practitioners know the standard metrics are weak. Completion rates measure button-pressing. Phishing click rates measure one narrow behaviour in a simulated scenario. Culture surveys are often bolted on to mandatory training and treated as an afterthought. We know this. And yet a lot of us are still reporting the same numbers we inherited five years ago. The problem isn't awareness. It's that switching to better metrics is genuinely hard, and the obstacles are rarely talked about honestly.
# Metrics
What you’ll learn in this episode:
How to use Bottom Line Up-Front (BLUF) to get faster decisions from executives and the board - and when not to.
Turning “security talk” into business outcomes: mapping risk to revenue, resilience, and cost.
Metrics that matter: designing KPIs that show behavior change, not just completion rates.
Building a non-judgmental reporting culture (and why “Report, Don’t Click” works).
Instant feedback loops: faster reinforcement without punishment in phishing drills.
Story-first, stat-supported narratives that land across technical and non-technical audiences.
Practical cadences and mediums: what to send to execs, managers, and the whole org and how often.
Using analogies (brakes & airbags) to make layered defense memorable and actionable.
This week on The Awareness Angle, attackers ditch malware and pick up the phone. Optimizely confirms a breach after a vishing attack, proving again that the helpdesk is now the attack surface.
OAuth phishing abuses legitimate Microsoft and Google login flows to gain API access without stealing credentials, often bypassing MFA. Learn how it works and how to defend.
# phishing
# oauth

David Badanes · Feb 27th, 2026
The security awareness training space is evolving, but can we rely on outdated methods? In this episode, we unpack why some studies claim that training doesn’t work, what to focus on instead, and how we can rebuild programs to make a real impact.
# Security Awareness Training

