If phishing simulations work, why do they need a mandate?
Phishing simulations produce compliance artifacts, and that's why they persist even though they don't protect users. The technical case for moving the trust decision off the content an attacker controls.
Ben Hathaway
Chief Technology Officer

