Networking Unleashed: Building Profitable Connections. An Interview with Craig Taylor and Michael A Forman
- mforman521
- Jul 11
- 21 min read

📍 📍 Welcome back to Networking Unleashed, where we explore the real power of relationships and how they drive business success. I'm your host, Michael Forman, and today we're diving into a conversation that bridges behavior, communication, and cybersecurity in a way you've probably never heard before.
My guest is an expert in using positive reinforcement training, meth positive reinforcement training methods to teach cyber literacy, challenging the fear-based tactics we often see in fake phishing tests. He believes that how we train people to protect data is deeply connected to how we build, trust, communicate, and network in the digital world.
If you've ever wondered how human behavior impacts everything from password habits to professional partnerships, this is the episode for you. So let's explore how a more positive connected approach could be the future of both cybersecurity. And networking. I would like to welcome Craig onto the podcast today and he is the expert that I was so diligently speaking about.
Craig, how are you? Welcome to the show and give us a little bit about your background. Michael, that is a wonderful introduction. Thank you for having me today. I'm really excited to be here and I do agree with you in that introduction how positive reinforcement and experiences between professionals, between IT departments and employees, between partnerships really has the ability to solidify, strengthen.
And enhance relationships. So it makes a perfect fit in my mind for being on networking unleashed. This is exactly the kind of thing we need more of. And so thank you for that. My, my background, just a brief introduction I've been doing, I. Cybersecurity after I got a psychology degree in the early nineties, before there was a worldwide web, I got into cybersecurity.
My first job outta college after a psychology degree was for a firewall vendor, and I must have bought a stack of books that would go up about 6, 3, 4 feet off the floor on the, they were all the O'Reilly books. I don't know if anyone would remember those, but they had an animal on each cover. So there was send mail and there was DNS and Bind and all these different internet protocols.
I had to read and learn 'cause I didn't have a computer science degree. But I'd been on the internet since the early days since before modems when you had, fixed connections and we had to convince companies to, when they're networking into the internet, to change the sense of that, to put a firewall in place.
I. Since that time I've worked at many Fortune 5,000 companies, like CSC, computer Sciences Corporation is what that is. And Vistaprint, JP Morgan Chase. And then I've really branched out. 10 years ago I founded Cyber Hoop to bring cyber literacy to the masses. And we have this big hairy, audacious goal or A-B-H-A-G of training a billion people with a b on cyber literacy skills.
We'll see how far we get. That's me in a nutshell though. Okay. Now I wanna tell you that I remember the internet when it was strictly for military and teachers. So the hard wire for those, it was really incredible to see where it's come and where it's gonna go. But you're gonna help us with that.
So let me hit the first question. You approach cyber literacy using positive reinforcement, how do those same principles apply to how we build and maintain professional networks? Positive reinforcement theory is defined. It might help to explain that a little bit. When you're trying to affect human behavior, you can use negative reinforcement or positive reinforcement.
Negative reinforcement by its very definition, is designed to reduce some behavior. Some thing you don't like, if you put a shock collar on a dog and it zaps the dog when they bark or when they get too close to the edge of your property. That's reducing those behaviors, but it doesn't teach the dog anything positive or valuable.
So to do that, you would need to have treat based approach with that dog. You take it to the dog park and you give it treats when it does the behaviors you want to see. And so when you're talking about relationships and this is right out of. Stephen Covey and some of the other great books that have been written, you want to reinforce in the other person or in the relationship the good things that you want to see.
It makes no sense to me to try to control another person with negative reinforcement by cajoling them, by embarrassing them, by shaming them. And so if you wouldn't do that in a personal relationship or in a partnership or a friendship, why would you do it? In a business to try to affect behaviors of your employees.
It doesn't make sense. So applying the, any of the best practices that you and I have both read about, right? Listen first to understand your friend, your partner, your colleague, and then to be understood if you apply that principle, you're gonna be very successful in business and networking and all of the, all the good things that come from that, because other people just wanna be heard.
And so you need to do that in the same sense with your employees and the, and that's what we've taken a strategic approach towards in my company. Does that answer your question? Yeah it does. Being a former business owner i've owned pizzerias, restaurants and things like that.
And really the relationship you have with your employees is that positive reinforcement. There's a big difference between a boss and a leader. Okay. I agree. If you're a boss, you're just, shouting, whatever that the upper management is doing and negatively, however it affects, doesn't really matter to you.
You just go on your way. But being a leader gives you that, that helps you with that positive reinforcement. It teaches those people under you to be leaders. And that's really the major difference, but okay. So why do you believe negative reinforcement, like fake phishing emails does more harm than good in cybersecurity training?
And how might that mindset also impact business relationships? Okay, great. So that's a two part question. The first part is very simple. When you. Send fake email messages to your employees to test their cyber literacy skills. A bunch of different negative outcomes occur first for anyone that hasn't been trained previously, and that's.
Anyone that's come out of an educational institution, whether it's high school or university, they have zero cyber literacy training. They may have computer literacy so they can read the email, they can respond to these emails, they can click on things, but they don't know anything about. Why they shouldn't click on links.
They probably know there are links out there that I shouldn't click on, but they don't know how to identify them. And so they're full of anxiety and fear. And when you send these messages, it just increases those negative effects, the feelings of inadequacy, insecurity anxiety and shame if they were to make a mistake.
Some companies go so far as to say you have a three strikes rule. If you click on three fake emails, you're fired. And that's common in banking industry where they have zero tolerance for risk and that just alienates the employee from their IT department or their managed service provider. It's eroding that relationship every single time they get an email and it's not always because they clicked on it.
Sometimes the emails are so simple minded that the employees enraged at how stupid. The IT department thinks I am that I would click on that. It's too easy to identify as a fake email and it's of questionable value, right? Why are they wasting my time with these things? On the other hand, there are IT departments who've had a mandate to catch as many people as possible to boost our our false click rates on fake emails so that we can justify our budget and they make things like, holiday bonus emails, and everybody clicks. Everybody fails, and everybody's irate. Chaos ensues. You don't have to believe me. You can go to Reddit and search phishing, P-H-I-S-H, email chaos, and you'll see dozens of Reddit threads where people are like, who does this? Why would they do this to us? Right around Christmas or the holidays, or this time of year, or that time of year.
So it, it's causing this negative affect. The second problem with it is the technology itself is broken. You cannot send a phishing email to the inbox of a user as a fake email test with any resemblance to the vendor you're impersonating for the simple reason that one spam report will lead that email to the owner of the correct domain.
So if it was a Microsoft. Impersonation attempt to see if someone would click on a reset your password for Microsoft and it had anything related to Microsoft in the domain name of the fake email sent to the inbox. Microsoft lawyers will contact the vendor of that technology and say, cease and desist.
You cannot impersonate us. And I know this from personal. Firsthand experience. We've had three companies sue us or threaten to sue us if we didn't stop using a domain name that had some minor resemblance to their company name in it. Zoom. I don't have any problems telling you this because some companies won't bother with you.
Others will zoom the IRS and Facebook meta all threatened us with lawsuits if we didn't stop impersonating them. Now, why does that matter, Michael? In the grand scheme of things. Realism matters, and if you can't impersonate a domain name as a hacker would, the end users are going to be dumbed down.
By that, I mean they'll learn that. An obviously wrong domain name from Microsoft email is all I need to know. I. And so when a hacker sends in a Microsoft Domain name that they managed to register for a short period of time, maybe a week or two, and they've taken the M and now visualize this. If you're listening to this, take that M in Microsoft and change it into an r and an N.
Leave the Microsoft in there and put on an account reset or something in the middle so that people see microsoft.com in there. And suddenly you've got everyone clicking because they haven't been trained to look for typo squatted domain names or for a domain that is off by a single letter. So that also flaws the traditional fake email testing.
We're getting into the weeds here, but suffice it to say this, I'll conclude this point with the following. A study by the University of Zurich in 2020 of 14,000 people over 15 months concluded that. Unexpectedly fake email Phish testing leads employees to click more, not less, full stop. So it doesn't work, and it's a $6 billion exercise and it leads to negative experiences for your employees and for your clients.
So why are we doing this? It doesn't make any sense. So the opposite is also true if you were to do, as we do at Cyber Hoot, a fake email phishing simulation that doesn't send the email to the inbox, but brings you to a website where we can impersonate the r and microsoft.com. In the moment if you don't know what to look for, we have a help you guide that gives you the answer in sort of an open book test, ensuring that the stimulus is this domain safe, and the response, here's the answer, are paired closely together.
That's the best of operant conditioning or human behavior modification, giving you the answer and the information in a realistic setting that allows you to learn how to fish. So all of that's to say that the employees actually appreciate being taught how to fish instead of being tricked with realistic examples.
And best of all, it's a hundred percent automated. You don't have to punch holes in your infrastructure. Secondly, you get metrics on every last person doing this because we track the delivery. You're providing every employee a positive experience, an educational experience, and a reward system. We haven't even talked about rewards, but gamification, certificates of completion, continuing education credits, and an avatar that grows in ferocity that you can compare yourself with, your peers, your colleagues, your employees.
You can show growth and improvement and cyber literacy maturity. All of those things are positive reinforcements. No different than taking a dog to the dog park to have fun and teach 'em skills with treats instead of throwing a shock collar on. And when they, bark, boom zap 'em, or when they get too close to the property edge, zap 'em.
That's great. That's great. And there are so many things. That I wanted to ask you. But because of time, I'm gonna have to go to the next question. You always answer in the entirety of the question and that I really appreciate. From your experience, how can business leaders create a culture of trust, both in networking and cybersecurity without relying on fear-based tactics?
It's communication. We started out this conversation today, Michael, with communication and making it, listening to understand and being good leaders to communicate the goals and objectives of your company. And if you do that in the goals and objectives of cyber literacy, you're gonna.
Reward the relationships that you have with your employees. If instead you send no notice, fake email, phishing tests, and people get caught up in that and then they're punished or shamed or even fired for multiple offenses, you are creating a culture of fear, anxiety, and deceit. No one wants to work in those places.
If you go deep into those Reddit threads I mentioned, you'll see people who threaten to quit. They said, this is the last straw. I can't believe they're doing this to us. I'm gonna start looking for work elsewhere. Is that the kind of culture a leader wants to have in their company? In their network, French, the networking that they establish, it's it's anathema to great relationships.
And so when you focus on good communication education before testing, right? I'm not suggesting you never send a fake email test to ver to verify. There was an old saying in the eighties, Reagan right about, I forget what it was in context of maybe Star Wars at the time, but trust but verify. Yes, you can send a fake email at some point in the future to measure that they've learned the how to fish.
But that's after you've taught them the skillset, then it's perfectly fair to ask them to prove that they know. But in the beginning, before anyone's received training that's not good leadership or good relationship building. Training is the key. Amongst everything else, even more so in what we're talking about.
But if you have a properly trained employee, you'll get far better results. But going along the communication thread. Cyber cyber breaches haven't changed much in 25 years. What do you think about the communication gaps in organizations today? I. There's been a study that a company called Verizon, you probably heard of them.
They do a stu a report every year on the breaches that have occurred in the previous year. They do it every year for 25 years now, and they did a longitudinal study that said in 2003, the number one way companies were breached was social engineering delivered via email. That's called phishing. And in 2023.
The same thing is true. The breaches we see are le are sourced from phishing attacks caused by phishing attacks and people that are unaware of it, and yet businesses are still focused on this communication style of gotcha. Let's send those gotcha emails to see if people click, because we've gotta tamp down clicks.
We gotta stop the bad behaviors. But in anything, if you don't communicate the good behaviors that you're looking for, people are gonna be fearful, anxious, and disillusioned with the leadership in this company. In your company, and so you're doing your company a disservice by not communicating the behaviors you want to see.
Looking at, and we could go back into it, but I've described it, looking through the email indicators of a phishing attack, teaching those skills and saying we want to see. More of the knowledge that protects our company. And if you see something, say something on other events as well. So communication all boils back down to communication Michael, and the problem with the industry of cyber security is it's so immature, it doesn't recognize this yet.
It's almost like growing pains where that, you know. 7-year-old who doesn't want to go to bed in cybersecurity. I'm not tired, but they are tired and it's clear. The industry doesn't realize, I don't wanna I don't wanna stop. I wanna stop the clicks without recognizing there's a positive way to go about that, that everyone will actually pay attention to.
One final point on this psychology is my background. Psychologists have studied human behavior and they've concluded that positive reinforcement methods are the most powerful behavior modification methods on the planet. Put in real terms slot machine has a variable rate positive reinforcement schedule that.
Really encourages people to keep pulling that slot machine lever to see if they're gonna win something, even as small poultry as 50 cents, 10 nickels. And that reinforces that behavior. Gambling is a very powerful reinforcement structure because it's variable rate, negative reinforcement only works when the negative.
Outcome is a certainty, and it just doesn't change behaviors. And we know this from psychology, so apply that to the way you operate your business, the way you network, the way you communicate with people. And you'll see that if you want people to really value your relationship, you need to treat them with positive, good communication, listening skills, and that sort of thing.
Okay. Alright, great. In what ways are our digital behaviors, like how we handle emails and passwords, reflections of our professional communication habits? Let me think about this. So professional communication habits sorry Michael, can we repeat that question and let, I'm trying to. Wrap my mind around it.
Okay. In what ways are our digital behaviors? Like how we handle emails and passwords, reflections of our professional communication habits. So I. For that. I'm gonna say that if you comport yourself or behave in a way that is a win-win scenario for the person on the other end of the communication, you're following a in what?
In my books is the best leadership style available. I see a lot of this and I, I don't think we want to get into politics, but I see a lot of win-lose. In our politics today, in order for one side to win, the other has to lose. And in communications in a corporate environment or on a business to business environment, you can never win with a win-lose communication style.
You have to find common ground. You have to find that overlapping concentric circles that say, Hey, if we do it this way. You are gonna win and we're gonna win. And together the result is more than the sum of the parts. So I think if you follow the approach of trying to find win-win scenarios with your colleagues, with your communication style you are going to be successful in business, you're gonna be successful in life, as opposed to any sort of a win-lose scenario.
Does that, yeah, that explains it just a little bit. Let's say a company who did not hire Cyber Hoot. And all of their employees go on their emails and everything else, and they're getting into bad habits and they continually do everything they're not supposed to do, but they're. Doing it habitually.
So they can do it by getting negative results and say, ah, so what? And they go on forth and do it again until cyber hoo comes in and says, you're doing this all the wrong way. And you get them to correct their habits. So the difference between having. A company like Cyber Hood and a company, just not having anybody is a huge difference.
And you're really putting the you're putting the company at risk by just having all the employees just go willy-nilly, by themselves, right? So the habits are very important. May I just Sure, absolutely. I'll just add onto that. I think I, I agree completely with you. The reality is people don't know what they don't know with regards to cybersecurity, and so they may worry to some extent about it, but without knowledge of what the consequences are.
They have no reinforcement, positive or negative to change their habits, but if you give them the why. If you explain to your staff with a tool like Cyber Hoo, or with any sort of cyber literacy training, why you don't want to use passwords everywhere you go, the same password. Why you need to adopt a password manager, why you need to learn how to phish, because these are clear and present dangers we all face.
The third largest economy in the world last year was cyber crime. In terms of revenue generated by email compromise, ransomware, extortion, wire fraud, that's after only the United States and China's economies, and they're in the multiple trillions. Cyber crime was in the trillion dollars of benefit to the hackers, which is attracting more hackers to that profession.
And so people don't know this. It's good to hear this on our podcast today and to learn that because it provides the necessary reinforcement that you have to do something, an ounce of prevention on cyber literacy training with your employees is gonna be worth and solve a pound of cure down the road with an incident.
You wanna avoid those incidents if at all possible, and you can do the operative word that I keep hearing is training. Yes, you have to be trained. And again, that's where cyber hoop comes in. It's to train your employees for these types of things. But training is the key.
Now, can you share a real world example of where a more empathetic or positive approach led to both cyber hygiene and stronger workplace or client relationships? Certainly I have a minor study that we did a few years back with one of our IT providers. I. They had about 50 clients and they put 40 of them into cyber who 10 refused.
And then we monitored what happened over the subsequent three year period. Now keep in mind, this is an MSP, A managed service provider who provides IT support to 50 companies around New England. After three years, 40 of the companies remained clients. The 40 that were in cyber hoop, receiving positive reinforcement, receiving training, educational training that was gamified rewarding and all of that good stuff.
They remained clients of the MSP. Of the 10 who refused that positive relationship and the benefits that came with it with training and with positive reinforcement of the ten two canceled their MSP agreements in that three year period. It's a small study. What does that mean? It means there was real value being delivered to each and every individual receiving training from the tool each month, potentially.
Perhaps there were other reasons. Here's the other statistic that was really eye-opening for the business owners of the 40 that were in cyber hoop, there wasn't one major security incident in the 10 that refused cyber hoop. There were two. Major security incidents that led to downtime and costly recovery efforts, and the loss of clients from a lack of, protection of data.
If you have a ransomware event today, it's a double extortion conundrum, right? The hackers are gonna encrypt your data, which you can hopefully restore from backup, but they're gonna exfiltrate it or take it out of your company and publish it to the internet to embarrass you. Or threaten to embarrass you unless you pay that ransom.
And so the loss of I just this year went through it with a client who had a ransomware event. The data was being threatened to be released. They had to notify all their clients that they had been breached and explain how they were gonna prevent that from happening again. And I guess the moral of this story, or the lesson learned is that through positive reinforcement, but through positive interactions.
With your clients, you can both increase retention, reduce the threat of a breach, a costly breach, either as your own company or at the companies you support and build those relationships and those networks where people actually talk to other companies in the in, in the area. And they, and we got new business because of this positive reinforcement training that we delivered at that MSP to their to other businesses. So it helped you win new business. Okay. Okay, so let's move to the leaders and that the professionals in whatever environment. How can leaders and professionals train themselves and their teams to be more cyber aware and more relationally intelligent at the same time?
When you understand this coin that I like to call negative and positive reinforcement, you understand that there are so many benefits to creating relationships based on positive experiences, right? There's an old sales strategy, I'm sure you're aware of it. You want to give your clients something three times.
Three different ways, maybe even three different methods in email or a phone call or a, some other benefit that you can extend to them before you make your first request for something on your side. And in building that relationship through those positive give give scenarios. You are going to be heard and perhaps reciprocated on that request.
Let's do business together. Why don't you buy our service, our product? And if you've done a great job of providing value to that relationship ahead of time through positive interactions, you are going to be successful in business. And if on the other hand, you don't follow that approach and your first thing, the first request out of your relationship is an ask.
Give me something that's viewed as a negative or a negative reinforcement to that relationship, and people won't pay attention to it. They won't respond to your email. They won't engage. And so I think it's a common, psychological phenomenon that for the world to work effectively together. You have to be asking yourself and as a leader in your company, showing your employees and your partners, your clients, that you are out looking out for them and demonstrate that over and over again probably before you make your first request for assistance or for a purchase or for some relationship building connection.
In the networking world going to networking events or meeting with people. You should always think to give and not receive. That's if you have a servant's heart. If Zig Ziglar really said this the best, right? But when you are looking to give, it takes all the stress, all the anxiety, all the negative feelings out whenever you're going to a networking event or something else like that, because you're just saying, look, how and when I sit down with somebody, when I'm interested in creating that relationship.
My question to him or her is, how can I make you more successful? How can I be a good referral source for you? And it usually blows 'em away. They're like I don't even know what you do yet. It, it doesn't matter, so after he goes or she goes through the entire process, we exchange business cards and everything else, but they walk away they're gonna remember me, but you have to follow through with helping them, referral, referring them or something else.
But that line of how can I make you more successful if you have that as a mindset. We really have it not just like blowing smoke, then it'll change your world and it will really change the way that people view you as well. Okay. Let's, may I just comment on that? Absolutely. Look, you're doing for us today at Cyber Hoot.
Michael, you've invited me onto your podcast. You've asked for nothing. You've offered to highlight my company, you've. Highlighted some of the high the high points and the benefits of my company all without ever asking me for anything other than to be a guest on your show, you are living and breathing the Zig Ziglar approach to networking, and that I, it's why you're podcast called Networking Unleashed.
This is very empathetic or ex a great example of that comment. Thank you. And thank you. And I try to live that way, if it lands on people, that's fine. If not, that's fine too. But let's bring this whole podcast full circle. Okay. What's your vision for the future where networking, communication, and cybersecurity are all aligned to build safer, smarter, and more connected organizations?
I. I would really love if the cybersecurity industry as a whole grew up past its, tantrum years and said, we're gonna embrace positivity. We're going to follow Zig Ziglar's give before asking approach. We're going to zero in on the positive behaviors we want to see. In the world of employees, email processing, password hygiene, all the cybersecurity skills, because by adopting the positive measures that we're talking about by reinforcing through benefits and giving employees kudos for accomplishing things and certificates of completion, all the things that we've tried to, focus in on within cyber hoop to teach cyber literacy skills and then some that we haven't think thought of. I'd love to expand into other areas. We're going to be a model. To the industry to help course correct from this negative reinforcement approach of reducing bad behaviors, which leads to poor relationships, which leads to broken partnerships and instead course correct to a positive experience, to a win-win scenario, to building and strengthening client retention through all of these good things that make people feel good.
Learning and protecting themselves and understanding the whys why all of cybersecurity matters so much, which is still a vacuum for most people. I think that would be my heart's goal of cyber hoot. And, if I had a legacy, it would be to move us from negative to positive, and I think that would be a really good.
Approach for most companies to embrace, to really reward and benefit their employees. Thank you so much. This was all very insightful for those people that didn't have this in mind for their employees, or even for them just working by themselves, it gave them food for thought. So if you wanted to have somebody contact you, either just to be, just to talk to you about cybersecurity or to hire you, what's the best way to do it?
There's. Three things I'll share with you. One is we give cyber hoot away to any individual for free for life. So if you're sitting out there and you don't have a company, or even if you do but you're not sure about things, sign up for free to learn about cyber literacy will give you our positive reinforcement Hoot fish and our awareness training videos for free.
Go to cyber hoot.com/individuals with an S on the end and you'll get everything we do for free. The second thing I'll say is that as a. Thank you for being on your show. Anyone that registers for a trial, a free trial, 30 days and we're month to month after that will get a 20% discount on their rates, whether it's a reseller or a direct, if they use the code.
Networking unleashed. In honor of Michael Foreman, we'll give you a 20% discount code for life. It won't go away. It'll be there forever. And then thirdly, if you really just want to find out more email sales@cyberhoot.com and we'll reach out to you. We can do a demo. We can share whatever information you're after.
So thank you for the opportunity to give you those things as a listener of this wonderful podcast. Craig, thank you very much. Thank you for coming on the show and you've been a great guest. My pleasure. Thank you, Michael.
Well, hold on folks. Don't go anywhere. Lemme just read a few of our sponsors that we have. Struggling to read success. Maybe. Time to quit in Quit Your Way to Success by Rodney Davis. This reveals 27 steps to Breaking Bad Habits that hold you back. This powerful book helps you rewire your mindset, take control of your actions, and turn setbacks into stepping stones with real life examples.
Motivational quotes and actionable lessons, especially for sales professional, you'll gain the tools to quit what's stopping you and start winning. Transform your future today. So quit Your Way to Success by Rodney Davis. Available now on Amazon. And this is a nonprofit called Revved Up Kids. This is something I believe in Wholeheartedly Revved Up Kids is on a mission to protect children and teens from sexual abuse, exploitation, and trafficking.
They provide prevention, training programs for children, teens, and adults. To learn more, go to rev up kids.org. That's R-E-V-V-E-D-U-P-K-I-D-S. Dot org.
Michael is a business networking expert specializing in enhancing professionals' networking and communication skills to drive profitability. As a leading authority in this field, he is highly sought after for his dynamic presentations and workshops. His extensive experience has consistently led to significant improvements in corporate profitability by empowering individuals and organizations to connect more effectively and efficiently.
Digital Courses
Comments