Podcast appearances and mentions of ariana mirian

You click on a link in an email—as one does. Suddenly you see a message from your organization, “You've been phished! Now you need some training!” What do you do next? If you're like most busy humans, you skip it and move on.Researcher Ariana Mirian (and co-authors Grant Ho, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, Geoffrey M. Voelker) uncovered similar results in their study “Understanding the Efficacy of Phishing Training in Practice.” The solution? Ariana suggests focusing on a more effective fix: designing safer systems.In the episode we talk about:Annual cybersecurity awareness training doesn't reduce the likelihood of clicking on phishing links, even if completed recently. Employees who finished training recently show similar phishing failure rates to those who completed it months ago. The study notes, “Employees who recently completed such training, which has significant focus on social engineering and phishing defenses, have similar phishing failure rates compared to other employees who completed awareness training many months ago.”Phishing simulations combined with training (where companies send out fake phishing emails to employees and, for those who click on the links, lead those employees through training) had little impact on whether participants would click phishing links in the future. Ariana was hopeful about interactive training but found that too few participants engaged with it to draw meaningful conclusions. The type of phishing lure (e.g., password reset vs. vacation policy change) influenced whether users clicked. Ariana warned that certain lures could artificially lower click rates.Ultimately, Ariana suggests focusing on designing safer systems—where the burden is taken off the end users. She recommends two-factor authentication, using phishing-resistant hardware keys (like YubiKeys), and blocking phishing emails before they reach users.This quote from the study stood out to me: “Our results suggest that organizations like ours should not expect training, as commonly deployed today, to substantially protect against phishing attacks—the magnitude of protection afforded is simply too small and employees remain susceptible even after repeated training.”This highlights the need for safer system design, especially for critical services like email, which—and this is important—inherently relies on users clicking links.Ariana Mirian is a senior security researcher at Censys. She completed her PhD at UC San Diego and co-authored the paper, “Understanding the Efficacy of Phishing Training in Practice.”G. Ho et al., "Understanding the Efficacy of Phishing Training in Practice," in 2025 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, 2025, pp. 37-54, doi: 10.1109/SP61157.2025.00076.

Another medical testing firm is hit by the third-party breach at AMCA. More officials say there’s no EternalBlue involved in Baltimore’s ransomware attack. (And that attack may have involved some doxing, too--investigation is underway.) Real hacking isn’t like the movies. It’s alive: Frankenstein malware, that is. Huawei offers a no-spy agreement. The draft US Data Strategy is out. Really, you should patch for BlueKeep. A university’s donor list exposed online. Ben Yelin from UMD CHHS on secret tracking pixels in emails to the Navy Times in a controversial legal case. Tamika Smith speaks with Ariana Mirian from UC San Diego on research on the Hacker for Hire market. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_05.html  Support our show

Ariana is a PhD student at UC San Diego, where she works with the Sysnet, CryptoSec, and CNS groups at UCSD, as well as the Center for Evidence-based Security Research (CESR). She is advised by Geoff Voelker and Stefan Savage. As an undergrad, she started her academic journey in a security lab as an coder. She soon realized that the world of security would be an enthralling space that has repercussions for everyone that uses a computer today, and after doing some coding, she then moved more into a research-oriented role. She discovered that one of security's problems revolved around users and how users interact with our various security mechanisms; and what good are our security mechanisms if they fail to protect people? She then decided to dive into the intersection of usable security and empirical analysis, or how we can use environmental studies to determine user behavior, where is it going wrong, and how we can fix it. This is the philosophy that drives her research Series: "UCTV Prime" [Science] [Show ID: 33422]

Ariana is a PhD student at UC San Diego, where she works with the Sysnet, CryptoSec, and CNS groups at UCSD, as well as the Center for Evidence-based Security Research (CESR). She is advised by Geoff Voelker and Stefan Savage. As an undergrad, she started her academic journey in a security lab as an coder. She soon realized that the world of security would be an enthralling space that has repercussions for everyone that uses a computer today, and after doing some coding, she then moved more into a research-oriented role. She discovered that one of security's problems revolved around users and how users interact with our various security mechanisms; and what good are our security mechanisms if they fail to protect people? She then decided to dive into the intersection of usable security and empirical analysis, or how we can use environmental studies to determine user behavior, where is it going wrong, and how we can fix it. This is the philosophy that drives her research Series: "UCTV Prime" [Science] [Show ID: 33422]

Ariana is a PhD student at UC San Diego, where she works with the Sysnet, CryptoSec, and CNS groups at UCSD, as well as the Center for Evidence-based Security Research (CESR). She is advised by Geoff Voelker and Stefan Savage. As an undergrad, she started her academic journey in a security lab as an coder. She soon realized that the world of security would be an enthralling space that has repercussions for everyone that uses a computer today, and after doing some coding, she then moved more into a research-oriented role. She discovered that one of security's problems revolved around users and how users interact with our various security mechanisms; and what good are our security mechanisms if they fail to protect people? She then decided to dive into the intersection of usable security and empirical analysis, or how we can use environmental studies to determine user behavior, where is it going wrong, and how we can fix it. This is the philosophy that drives her research Series: "UCTV Prime" [Science] [Show ID: 33422]

Ariana is a PhD student at UC San Diego, where she works with the Sysnet, CryptoSec, and CNS groups at UCSD, as well as the Center for Evidence-based Security Research (CESR). She is advised by Geoff Voelker and Stefan Savage. As an undergrad, she started her academic journey in a security lab as an coder. She soon realized that the world of security would be an enthralling space that has repercussions for everyone that uses a computer today, and after doing some coding, she then moved more into a research-oriented role. She discovered that one of security's problems revolved around users and how users interact with our various security mechanisms; and what good are our security mechanisms if they fail to protect people? She then decided to dive into the intersection of usable security and empirical analysis, or how we can use environmental studies to determine user behavior, where is it going wrong, and how we can fix it. This is the philosophy that drives her research Series: "UCTV Prime" [Science] [Show ID: 33422]