Craig Taylor
Cybersecurity Expert & Thought Leader
Location & Time Zone:
Hampton, New Hampshire, USA

Detailed Biography:

Craig Taylor has been a Certified Information Systems Security Professional (CISSP) since 2001 and is a 30-year veteran of cybersecurity. In 2014, he co-founded CyberHoot, a cybersecurity awareness training company built on a simple but powerful premise: people learn better through positive reinforcement than through fear. CyberHoot serves more than 350 MSP partners, 100 direct customers, and over 100,000 end users worldwide. Craig also leads a cybersecurity consultancy that has delivered virtual Chief Information Security Officer (vCISO) services to more than 50 companies across a wide range of industries and sizes.

Throughout his career, Craig has led cybersecurity organizations at the intersection of high stakes and high complexity. He built and led security teams in web hosting at CSC, financial services at JP Morgan Chase, and manufacturing at Vistaprint, each environment demanding a different approach to culture, risk tolerance, and human behavior. Those experiences taught him that the hardest cybersecurity problems are rarely technical. They are organizational. Getting people to change behavior, make better decisions under pressure, and take ownership of their role in security requires the same skills as any leadership challenge: trust, clear communication, and a culture where doing the right thing is rewarded rather than punished. That insight is the foundation CyberHoot was built on.

Beyond the business, Craig brings a lifelong commitment to service and personal development. He is a Toastmaster, a Rotarian in Portsmouth, NH, and a 12-year Pan-Mass Challenge rider who has raised more than $150,000 for Dana-Farber Cancer Institute, covering 192 miles every August in support of cancer research.

Topics of Expertise:

Here is a comprehensive list of cybersecurity topics:

1. Cybersecurity Awareness Training & Human Risk Management

– The weakest link in security: Why employees are the top target for cybercriminals

– Positive reinforcement in cybersecurity: Why punishment-based training fails

– The psychology of why people fall for phishing attacks (and how to fix it)

– Gamification in security awareness training: Making security fun and engaging

– Why traditional security training is broken and how to fix it

– How behavioral science improves security awareness programs

– Short, engaging, and humorous training: Why it works better than fear-based tactics

– The biggest mistakes companies make in cybersecurity training

– How to create a cyber-aware culture in any organization

– The impact of social engineering attacks and how to defend against them

2. Risk Management & Cybersecurity Resilience

– Cyber Risk 101: What every business owner needs to know

– How to build a cybersecurity risk management framework

– The role of psychology in risk management and decision-making

– Cyber insurance & risk: What businesses need to know before buying a policy

– Measuring cybersecurity risk: What’s working, what’s failing, and what’s next

– The biggest cybersecurity blind spots in small and medium-sized businesses

– How business continuity planning ties into cybersecurity resilience

– Compliance vs. security: Why meeting standards doesn’t mean you’re secure

– The NIST Cybersecurity Framework: How businesses should implement it

– Incident response planning: Why it’s critical before a breach occurs

– The financial impact of cyberattacks and how to mitigate losses

3. vCISO & SMB Cybersecurity Strategy

– The role of a vCISO and why SMBs need one

– How to build a security program from scratch for SMBs

– The biggest cybersecurity misconceptions among SMBs

– Why MSPs struggle with security and how they can fix it

– Building a vCISO Peer Group: Lessons learned from the trenches

– The challenges of managing cybersecurity at scale for SMBs

– How SMBs can implement enterprise-level security on a budget

– Selling cybersecurity to leadership: How to get buy-in from decision-makers

– Cybersecurity for non-technical leaders: What executives need to know

– Virtual vs. in-house CISOs: What businesses should consider

4. Phish Testing & Social Engineering Defense

– Phishing simulations done right: Why positive reinforcement works better than shame

– The evolution of phishing attacks: Why they’re more dangerous than ever

– Why employees keep failing phishing tests and what to do about it

– Spear phishing, whaling, and BEC scams: How attackers are evolving

– How attackers exploit emotions in phishing scams

– AI & deepfake phishing threats: What’s coming next?

– The dangers of smishing (SMS phishing) and vishing (voice phishing)

– Phishing-resistant authentication: What businesses should implement now

5. Learning Management Systems (LMS) & Cybersecurity Training Automation

– Why businesses need an LMS for security awareness

– Automating security training: How to make learning seamless

– How AI is transforming security awareness training

– Cybersecurity LMS vs. generic LMS: Why specialized training matters

– The future of cybersecurity education: Trends & emerging technologies

– How to measure cybersecurity training effectiveness

6. General Cybersecurity Topics

– The importance of minimum essential cybersecurity in SMBs and MSPs

– Multi-Factor Authentication (MFA): Why it’s a must-have for businesses

– Password security myths: Why changing passwords every 90 days is outdated

– The role of AI in cybersecurity: Hype vs. reality

– Cloud security challenges: Common mistakes businesses make

– The biggest cybersecurity threats in 2025

– Dark Web threats: What businesses need to know

– Ransomware resilience: Preparing for the inevitable attack

– IoT security risks: How connected devices introduce new vulnerabilities

– Cybersecurity for remote workers: Managing risks in a hybrid workforce

– How businesses can defend against insider threats

– The cybersecurity skills gap: How to bridge the talent shortage

Craig Taylor’s Leadership Experiences:

• Rotary Youth Leadership Award at age 17
– Learned Win-Win thinking
– Learned and applies Rotary’s Four-Way Test:
    – Is it the TRUTH?
    – Is it FAIR to all concerned?
    – Will it build GOODWILL and BETTER FRIENDSHIPS?
    – Will it be BENEFICIAL to all concerned?

• Toastmasters – earned Competent Toastmaster designation
• On Eagles Wings leadership program
• Christians On Retreat (COR) – later returned as a “Big Brother” mentor
• Rotarian since 1997 (Rochester, MN), active member today
• Leadership Seacoast (2017 cohort) – selected by peers to deliver the final class speech
• Ascending Leaders in Technology – inaugural cohort, NH Tech Alliance
• Goldman Sachs 10,000 Leadership Program – intensive 8-week executive leadership program for founders

• Pan-Mass Challenge Rider (12+ years)
– Ridden 192 miles every first weekend of August
– Raised over $150,000 for Dana-Farber Cancer Institute
– Only missed the COVID cancellation year (2020)
– Demonstrates endurance, discipline, resilience, and servant leadership

Promotion Commitment:
We’ll actively promote your episode across our social media channels and website.