
What Happens When Users Keep Failing? And Should We Punish Them?
From All Things Human Risk Management by Hoxhunt
June 29, 2025 · 50 min · Episode 3
About this episode
The episode discusses whether punishing employees for security mistakes is effective or if there are better alternatives.
Episode #3 Should We Punish Employees for Security Mistakes? Eliot is joined by Noora Ahmed-Moshe VP of Strategy & Operations, Hoxhunt) for a discussion on one of cybersecurity’s most divisive questions: should repeat offenders in training programs be punished... or is there a better way? Leveraging on behavioral science, real-world case studies, and Noora’s global experience advising security leaders, this episode breaks down the flawed logic behind punitive training and surfaces more effective, scalable alternatives. Here’s what you’ll learn in this episode: Why punishment-based training strategies often backfire and how they can destroy psychological safety How to understand the psychology of repeat clickers and uncover hidden motivations What neuroscience and behavioral science say about fear vs. positive reinforcement in learning How real organizations shifted from punitive to positive - and saw massive gains in threat reporting and engagement Why individualized, adaptive training paths outperform one-size-fits-all models What to do when even your best-designed training isn’t working for a small subset of users The unintended consequences of using HR as a disciplinary…
People in this episode
Host: Eliot Baker
Guest: Noora Ahmed-Moshe
Topics covered
- cybersecurity
- behavioral science
- training strategies
- psychological safety
Keywords
- punitive training
- positive reinforcement
- threat reporting
- engagement
- individualized training
More episodes of All Things Human Risk Management
- Your Security Awareness Program Has Plateaued - What Happens Next? · March 12, 2026 · 1h 2m
- The Ethical Guide to Security Storytelling: Navigating Real Breaches with Care and Respect · February 2, 2026 · 34 min
- The Attacks Getting Through Your Filters (and How AI Is Scaling Social Engineering) · December 22, 2025 · 38 min
- Does Security Awareness Training Even Work? Fixing the Flaws Behind “Training Fails” Headlines · November 16, 2025 · 38 min
- State of Phishing 2025: Why SVGs Spiked (and What Still Works) · October 30, 2025 · 46 min
- A CISO’s Playbook for Security Comms (with Jeffrey Brown) · October 14, 2025 · 53 min
Explore listener stats, chart rankings, contacts and more on the All Things Human Risk Management podcast page.