In the ever-evolving landscape of cybersecurity, one practice has become almost ubiquitous: phishing tests/simulations. Organizations deploy these tests with the intention of fortifying their defenses, but I genuinely feel that constantly bombarding users with phishing simulations is a waste of time. Yes, this view may be seen as controversial, but I wanted to take a moment to explain why I feel phishing tests might not be the panacea they are…