Security Awareness Training. PHOTO: Cybercrime Magazine.

Dishing On Phishing: Humans Are The Strongest Link In The Security Chain

Javvad Malik is a one-of-a-kind Security Advocate for KnowBe4

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Nov. 15, 2019

We hear this repeatedly: “Humans are the weakest link in the information security chain.” The claim is that users haven’t been properly trained, and that phishing scams aimed at them therefore initiate more than 90 percent of all cyberattacks.

But, there’s another way to look at this, which we learned at KB4-CON earlier this year, when we headed south to the world’s largest security awareness user conference produced by KnowBe4.

Humans are the strongest link in the information security chain when it comes to educating others on cyber risks and consequences. At least when you have the right people, of course. We only needed a few minutes with Javvad Malik, security advocate for KnowBe4, to realize as much.

Malik explained that phishing simulation is a really effective tool as part of the overall awareness and training of employees. “Most people won’t have a home alarm installed until after they’ve been burgled,” he says. It’s worth watching the video just to hear him say “burgled” with that great British accent! But how true it is. Do you really want to be hacked into getting your users trained?



If you need a good analogy to share with your users, then Malik has plenty of them. “So it’s like you’re walking down the subway and you see a sign: Beware, Pickpockets Operate in This Area — and it’s suddenly like OK,” he says, as he pats his pockets to check that his money and wallet are still there. The point is that users need signs from their employers, or they’re going to be phished.

We couldn’t get enough of Malik. So when we returned home, we looked him up on LinkedIn. And no surprise to see he’s got quite a fan club in the cybersecurity community.

“Javvad has a weapons-grade sense of humor that slays everyone in its path, but underneath that he’s also got a brain that won’t quit,” writes Wendy Nather, head of advisory CISOs, Duo Security at Cisco. “His creative contributions to the security community have won him a lot of fans, myself included. He has both the technical knowledge and the businesslike pragmatism that are so hard to find in combination. Javvad would be a shining star in any organization that truly values security.”

Others call Malik a “rare gem in our field,” a “creative genius,” an “amazing and knowledgeable analyst,” “a great inspiration in the security field,” a “highly capable idea man,” “one of life’s disruptive influences,” and an “incredible ambassador of security” — not to mention he’s given a “gold star rating as a human being.”

When people watch Malik, they laugh and learn about security. We took that to heart and implemented it in our own security awareness training back home. Hundreds of others did as well.

As the year end approaches, it’s time to start looking ahead to KB4-CON 2020. Hopefully, we’ll get to see Malik again.

The takeaway here isn’t all about Javvad Malik, although he’s definitely deserving. Rather, it’s about crowning a security advocate in your organization. Who’s going to be your strongest link?


Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.



Sponsored by KnowBe4

KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space. We are proud of the fact that more than 50 percent of our team are women.