The intruder's surest path into Meridian isn't a software bug — it's an employee. This chapter goes past the awareness level into the mechanics: how phishing campaigns are built and detected, how email authentication actually works, and how to build human defenses that hold. It's where the technical controls meet the person at the keyboard.
4 topics
You cannot patch a person, and attackers know it — which is why phishing and social engineering remain the most common way in, ahead of any software exploit. This chapter treats the human layer as an engineering problem: how the attacks are built, how technical controls like email authentication blunt them, and how to turn a workforce from the weakest link into a sensor that warns the SOC.
Four topics: phishing at scale and the targeted spear-phishing that evades filters, email authentication with SPF, DKIM, and DMARC, pretexting and physical security beyond the inbox, and building human defenses through training, culture, and process. The through-line is that human and technical defenses are one system — assume the click, and make it survivable.
Defending the human layer — three lines that must all hold