Roger Grimes

Data-Driven Defense Evangelist

Roger A. Grimes is Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with international organizations of all sizes and many of the world’s militaries. Grimes regularly presents at national computer security conferences, and is known for his often contrarian, fact-filled viewpoints.

Request This Speaker

On-Demand Webinars

See All KnowBe4 Webinars

See All

Books

Find all of Roger's books on Amazon

See All

Beware of Fake Forwarded Phishes

Sep 17, 2020 3:29:13 PM By Roger Grimes

There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...

Check Your Email Rules for Maliciousness

Sep 2, 2020 4:07:15 PM By Roger Grimes

Email rules have been used maliciously for decades. Learn about email rules and what you need to do to defend your organization against their malicious misuse.

How to Defend Against Phishes Coming from Trusted Partners

Aug 31, 2020 9:54:51 AM By Roger Grimes

One of the most frequent concerns I hear from IT security practitioners and CISOs is the rise of phishing attacks coming from compromised trusted partners and contractors. The attackers ...

Watch Out for OAuth Phishing Attacks and How You Can Stay Safe

Aug 19, 2020 3:53:03 PM By Roger Grimes

A steadily growing phishing trend involves phishing emails which attempt to modify your OAuth permissions. Simply clicking on one Allow button or hitting ENTER by mistake can ...

Phishing Golden Hour

Aug 12, 2020 6:08:44 PM By Roger Grimes

In emergency healthcare settings, the “golden hour” is the time between when a patient suffering a life threatening event (e.g., heart attack, stroke, aneurysm, etc.) is most likely to ...

Like Twitter, MFA Will Not Save You!

Jul 16, 2020 1:24:50 PM By Roger Grimes

I’m sure we are all interested in the latest Twitter hack. As the author of the soon to be released Wiley book called Hacking Multifactor Authentication, I have to laugh at the “experts” ...

How To Improve Employee Engagement in Security Awareness Training

Jun 24, 2020 12:37:10 PM By Roger Grimes

One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...

Top 12 Most Common Rogue URL Tricks

Jun 19, 2020 3:18:27 PM By Roger Grimes

It’s nearly impossible to find an Internet scam or phishing email that doesn’t involve a malicious Uniform Resource Locator (URL) link of some type. The link either directs the user to a ...

Increase in BLM Domain Names Forecasts BLM Phishing Attacks

Jun 16, 2020 3:26:04 PM By Roger Grimes

There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd’s name and there’s a good chance some of those are owned by people with malicious ...

The Three Pillars of the Three Computer Security Pillars

May 18, 2020 8:31:59 AM By Roger Grimes

Much of the world, or at least the United States, is coalescing around the NIST Cybersecurity Framework. It’s a pretty good one to follow out of the many dozens that have been proposed ...

What is the Right Password Policy?

May 7, 2020 8:15:00 AM By Roger Grimes

What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

May 6, 2020 10:03:21 AM By Roger Grimes

I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...

Is That COVID-19 Email Legitimate or a Phish?

May 1, 2020 8:39:23 AM By Roger Grimes

It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims. ...

The Best and First Defenses You Should Implement

Apr 24, 2020 8:43:14 AM By Roger Grimes

Every good defense has three pillars of controls: policy, technical, and education. People are always asking what they should do for each to minimize cybersecurity events the most and ...

Third-Party Risk Management Questionnaire for Extended Emergencies

Apr 21, 2020 8:39:05 AM By Roger Grimes

Here’s a questionnaire you can send to suppliers during extended work from home (WFH) periods.

Share the Red Flags of Social Engineering Infographic With Your Employees

Apr 8, 2020 8:43:49 AM By Roger Grimes

Social engineering and phishing are responsible for 70% to 90% of all malicious breaches , so it’s very important to keep your employees at a heightened state of alert against this type ...

The Best Computer Security Solvers Look Beyond the Problem

Apr 1, 2020 8:44:06 AM By Roger Grimes

Who doesn’t love a good computer security “cowboy”? That’s a man or a woman who is a recognized authority in their field of expertise, who groks their subject, who is truly a subject ...

70% to 90% of All Malicious Breaches are Due to Social Engineering and Phishing Attacks

Mar 31, 2020 8:50:03 AM By Roger Grimes

If you’ve heard me speak the last two years, read any of my articles, or watched any of my webinars, you’ve probably heard me say, “Seventy to ninety percent of all malicious breaches are ...

Every Computer Defense Has Three Main Pillars

Mar 26, 2020 8:32:15 AM By Roger Grimes

Defense-in-Depth is a dogmatic term used in the computer defense industry to indicate that every computer defense has to be made up of multiple, overlapping defenses positioned to best ...

The Effectiveness of Educating End Users With a Test-Out Quiz

Mar 17, 2020 12:54:14 PM By Roger Grimes

Use a “test-out” quiz as a way to get people who are normally resistant to training to proactively take the training. They think they are taking a quiz to avoid the training, but in ...

Security Awareness Training Blog

View Topics