Episode 218: User Guidance and Training (Part 3) (Domain 5)

Security training must evolve with the threat landscape—and that means addressing common but high-risk topics like removable media, social engineering, and operational security (OPSEC). In this episode, we explain how removable media—like USB drives and external hard drives—pose significant threats when plugged into unmanaged or infected systems. We also explore how cables, chargers, and other seemingly harmless peripherals can be weaponized to deliver malware or steal data. Social engineering training teaches users how to resist psychological manipulation—whether it’s through pretexting, impersonation, or urgency tactics. Finally, we dive into OPSEC, helping employees understand how casual conversations, unsecured devices, or oversharing on social media can inadvertently expose sensitive operations. This part of training connects behavior to consequence—turning security into a daily awareness practice, not just a quarterly presentation.