We Don’t Phish: Erin Gallagher on Doing Awareness Differently



"We don't phish our employees."


That’s not something you hear every day. But it’s exactly what Erin Gallagher learned—seven interviews into joining Fastly. As someone who used to lead phishing programmes, it was a bit of a shock.

In this episode, Erin joins Ant to chat about what security awareness looks like when you ditch phishing simulations. Turns out, it’s less about testing people and more about building relationships. At Fastly, they prioritise engagement, keep training short and relevant, and use Slack (not email) as their main communication channel. No stiff corporate vibes here.

We also talk about how phishing can be reframed as just one tool in the awareness toolkit, especially when used thoughtfully and with the right audience. Erin shares some brilliant insights on simplifying training, measuring success without click rates, and why she secretly dreams of being a physical pen tester (spoiler: she’d be great at it).

If you’ve ever felt stuck in the cycle of monthly phishing emails or worried that your awareness programme is more about numbers than people, this episode is a refreshing listen.
