cdt.ca

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!

California Dept. of Technology effectively bans phishing training for state employees In October 2020 the California Department of Technology issued an update to the State Information Management Manual (SIMM): **SIMM 5320-A** which can be found at this link on their site: [https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard\_2020-0930.pdf](https://cdt.ca.gov/wp-content/uploads/2020/10/SIMM5320-A-Phishing-Exercise-Standard_2020-0930.pdf) This is almost genius level maladministration because while the policy pretends to facilitate phishing training it makes it all but impossible to ever run an effective phishing campaign. It used to be that security experts would criticize state agencies for never running phishing exercises or for using such obvious, lame, and infrequent phishing exercises that the effort was practically meaningless. Now that more of their state agencies are using sophisticated training programs like Terranova Security, SANS, and KnowBe4 there's been pressure from non-technical managers to reduce or eliminate phishing exercises and most of the reason for this is the people who click on sh!t the most are the upper managers and they can't stand being embarrassed or shown up as incompetent. The proper response to political appointees and managers being embarrassed is not for these people to step up their skills but to remove the very thing that can hold them accountable for their actions. The way this works is phishing exercises will require so many levels of conditions and approvals that no one is going to want to even try to carry out a phishing exercise. If they do try it then you can rest assured that their request will die a slow, silent death courtesy of the same bureaucracy that sent millions of dollars in unemployment payments to prison inmates. No wonder why nothing works in California these days!