Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Beware of "Get to Know Me" Surveys

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always ...

Beyond the Scams: Unraveling the Dark Tactics of Real-World Kidnapping Scams and Virtual Extortion

The world can be a scary and dangerous place. Its unethical scammers have no problem doing almost anything to make a buck, but sometimes, their plots seem to be extra messed up.

Beware of Fraudulent Charge Messages

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card.

A Dream Team Security Awareness Training Program?

Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit from more frequent security awareness ...

We Do What We Are Trained To Do

When I was young, I was an oceanfront lifeguard, firefighter and EMT paramedic. All disciplines involved frequent education and training.

Why Security Awareness Training Is Effective in Reducing Cybersecurity Risk

Security awareness training (SAT) works! A well-designed security awareness training campaign will significantly reduce cybersecurity risk.

How To Fight Long-Game Social Engineering

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard and its long-game social engineering tactics.

Phishing Defense: Train Often to Avoid the Bait

Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it ...

Phishing-Resistant MFA Will Not Stop Phishing Attacks

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.

New SEC Rules Will Do More Than Result in Quick Breach Reporting

On July 26, the U.S. Securities & Exchange Commission (SEC) announced several new cybersecurity rules, taking effect mid-December 2023, that will significantly impact all U.S. ...

Security Awareness Training Can Help Defeat Deepfake and AI Phishing

There is no doubt that more pervasive deepfake and AI technologies will make for more realistic, sophisticated phishing attacks, and add to an already huge problem.

[HEADS UP] FBI Warns About Callback Phishing

In a recent official advisory, the FBI warned about the threat of callback phishing (among other threats). Below is the relevant excerpt.

Should You Use Controversial Simulated Phishing Test Emails?

The Wall Street Journal recently published an article about using highly emotionally charged, “controversial” subjects in simulated phishing tests. Controversial topic examples include ...

Malicious URLs In Phishing Emails: Hover, Click and Inspect Again

The most often recommended piece of anti-phishing advice is for all users to “hover” over a URL link before clicking on it. It is great advice.

[Cybersecurity Awareness Month] Spoofy Steve's Business Email Compromise Scams You Need to Watch Out For

Like a ghost, most business email compromise (BEC) scams are able to sneak through most technical defenses and end up in end-user inboxes.

How Secure Is Your Authentication Method?

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles ...

Social Engineering Is the Number One Cybersecurity Problem by Far

The number one way that hackers and malware compromise people, devices, and networks is social engineering. No one argues that anymore, but it was not always known or discussed that way. ...

[GUIDE] Scary SEO and Waterhole Attacks: What You Need to Know Now

Most social engineering scams search out their potential victims, often sending emails to known email addresses, sending chat messages to them or calling known phone numbers. The ...

How KnowBe4 Can Help You Fight Spear Phishing

This blog was co-written by KnowBe4's Data-Driven Defense Evangelist Roger A. Grimes and Chief Learning Officer John Just. Social engineering is involved in 70% to 90% of successful ...

Want To Stop All Scams? Here Is How!

There are many ways to be socially engineered and phished, including email, websites, social media, SMS texts, chat services, phone calls and in-person. These days, it is hard to sell ...