We are back with another interview and this one is a proper conversation about what security awareness should feel like. Honest, simple and human.

This week I sat down with Dan Thornton, founder and CEO of Goldphish. Dan’s path into cyber started in the Royal Marine Commandos and moved through physical security and crisis management before one attack changed everything. NotPetya wiped out a global organisation he was supporting and it became clear that digital risk now hits harder and faster than anything physical. That moment pushed him into cyber and eventually into building Goldphish.

What I love about Dan is how grounded he is. No jargon. No overcomplication. No feature overload. Just a belief that people deserve better than long training, shame based phishing tests and compliance for the sake of compliance.

In this episode we get into:

• Why phishing is smarter, faster and more convincing
• How attackers use AI to personalise at scale
• Why shame stops people reporting
• Why SMEs struggle to run awareness properly
• Why simple, entertaining content is still the thing most companies get wrong

Dan is a big believer in incentives. If someone reports quickly, celebrate it. If a team does the right thing, make it visible. Culture grows when people feel supported, not judged.

We also talk about voice scams, deep fakes, business email compromise and how criminals are already using AI to build long form, relationship driven fraud. This space is moving and moving quickly.

There are some fun moments too. Pizza flavoured passwords, the danger of what our ChatGPT histories reveal and a few curveball questions that took us both by surprise.

If you care about human risk, culture and stripping cyber back to what works, this is a great episode to dive into. Dan brings a refreshingly practical view of awareness and why the basics still matter more than anything.

Listen now and imagine what your programme could be if you kept things simple, human and actually enjoyable.

You can find Dan at goldphish.com or on LinkedIn.