Jeffrey Wheatman sits down with Cary Johnson, founder of Phishbusters Audit and Consulting, to expose the failures of traditional phishing simulations. They discuss why standard metrics fall short, how self-assessment distorts results, and what it really takes to track — and influence — behavioral change in security awareness programs.