Roger Grimes

Data-Driven Defense Evangelist

Roger A. Grimes is Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with international organizations of all sizes and many of the world’s militaries. Grimes regularly presents at national computer security conferences, and is known for his often contrarian, fact-filled viewpoints.

Request This Speaker

On-Demand Webinars

See All KnowBe4 Webinars

Books

Find all of Roger's books on Amazon

More Targeted Phishing Attacks Are Coming!

May 24, 2021 9:40:11 AM By Roger Grimes

I have been in the cybersecurity business for 34 years. I am not an innately brilliant, but one of the things I seem to do well is to spot trends as they happen early in their cycle. It ...

Paying the Ransom Is Not Just About Decryption

May 14, 2021 1:02:38 PM By Roger Grimes

I just read that a well-known pipeline company paid $5M to the ransomware hacker group. And despite that, they are still having to use their backups because the decryption process is too ...

Your Organization Needs to Take Security Awareness Training More Seriously

May 11, 2021 4:08:50 PM By Roger Grimes

Your organization needs to take security awareness training (SAT) more seriously. I mean truly serious, really serious, and not relegated to some quasi-, semi-serious status that the vast ...

Why Should We Care About Personal Smishing Attacks?

Apr 29, 2021 10:33:34 AM By Roger Grimes

I am not sure what is going on these days, but for several weeks, I have received far more SMS-based phishing (i.e., smishing) attacks than usual.

There Is No Herd Immunity in the Digital World

Mar 30, 2021 4:31:46 PM By Roger Grimes

When I was first starting off in my career, I wanted to be a doctor. As life often goes, I got waylaid. Wanting to be a doctor turned in an accounting major and CPA certification, quickly ...

Forensically Investigating Phishing To Better Protect Your Organization

Mar 25, 2021 11:37:24 AM By Roger Grimes

The single best thing you can do to reduce cybersecurity risk in your environment is to prevent and mitigate social engineering – phishing in particular. The first and best thing any IT ...

Many Ways To Hack MFA

Mar 22, 2021 10:35:56 AM By Roger Grimes

I have spent a lot of time thinking about how to hack multifactor authentication (MFA) solutions. I have done so my whole career, deploying dozens, if not hundreds, of MFA projects. Also, ...

Make No Mistake, This Changes Everything: Nation-State 2.0

Mar 17, 2021 8:00:00 AM By Roger Grimes

Every organization needs to figure out their increased cyber risk from nation-state warfare attacks and deploy mitigations.

6 Advanced Email Phishing Attacks

Mar 16, 2021 10:32:51 AM By Roger Grimes

No matter how good your policies and technical defenses are, some amount of phishing will get to your end users in a given month. They must be trained to recognize social engineering ...

The Good, the Bad, and the Ugly About MFA

Mar 8, 2021 11:48:24 AM By Roger Grimes

I have been in computer security for over 34 years now. Yeah, even I cannot believe how long it has been. I have been a penetration tester over 20 of those years and worked on dozens of ...

Caught by a CAPTCHA?

Feb 15, 2021 3:15:42 PM By Roger Grimes

Be aware of being involved in malicious CAPTCHA solving.

It’s Not Only About the URL

Feb 11, 2021 3:01:41 PM By Roger Grimes

You have to look at the totality of an email to determine whether it is a phishing attack or not.

The Three Best Things You Can Do To Improve Your Computer Security

Feb 9, 2021 7:48:35 AM By Roger Grimes

The three best things you can do to improve your computer security, bar anything, have been the same three things you should have already been doing for the entirety of computers. The top ...

One-Fourth of a SOC’s Life Is Researching Sketchy Emails

Feb 5, 2021 1:52:21 PM By Roger Grimes

This is a pretty amazing stat – nearly one-fourth of a security operation center’s (SOC’s) time is spent preventing, detecting, responding to, and researching potentially malicious ...

Beware the Long Con Phish

Jan 28, 2021 8:00:00 AM By Roger Grimes

Social engineering and phishing happen when a con artist communicates a fraudulent message pretending to be a person or organization which a potential victim might trust in order to get ...

Motivations of Phishing Criminals

Jan 22, 2021 8:44:00 AM By Roger Grimes

Phishers, people who are phishing other people (i.e., victims), have reasons for doing so. They are all criminals…cons…each pretending to be something they are not in order to trick ...

The Many Ways You Can Be Phished

Jan 22, 2021 8:38:17 AM By Roger Grimes

Social engineering and deception are as old as humanity itself. Phishing is social engineering and deception via digital means and has been with us since the beginning of computers. After ...

2020 Top Phishing and Vishing Attacks And Trends

Dec 31, 2020 10:06:25 AM By Roger Grimes

It’s an extra challenging year, harder than most, to choose the most impactful cybersecurity events. The year ended with a bang – the Solarwinds supply chain attack – which possibly ...

How Can You Be More at Risk With MFA?

Dec 23, 2020 1:43:26 PM By Roger Grimes

In my recent comment on the Solarwinds’ cyber attack, I made the claim that using multifactor authentication (MFA) can sometimes make you more at risk than using a simple login name and ...

Solarwinds MFA Bypass Attack Pushes Limits

Dec 16, 2020 12:59:35 PM By Roger Grimes

Excellent, long-time, tech reporter Dan Goodin reported in Ars Technica that the recent Solarwinds’ supply chain attack involved hackers bypassing a popular multi-factor authentication ...

Security Awareness Training Blog

View Topics