Benjamin Olenick

Results

BMO Financial Group — 50,000+ Employees

31 → 4.1%

Phishing click rate reduction enterprise-wide over 18 months. Highest behavior-change improvement in the program's recorded history. Zero phishing-attributed account compromises in the 12 months following program maturity, down from 14 confirmed incidents the prior year.

Phishing Simulation

Ritchie Bros. (RB Global) — Global Operations

83%

Reduction in phishing-origin credential compromises year-over-year through predictive awareness targeting. High-risk user click rate dropped 71% over two years of sustained simulation and targeted training intervention across North America, Europe, and Asia-Pacific.

Predictive Targeting

Rexig Realty — 80+ Staff

23 → 6%

Click rate reduced from 23% to under 6% across four simulation cycles. Zero successful social engineering attacks against staff in the 18 months following program launch, including during two targeted credential-harvest campaigns observed in the wild against the real estate sector.

Awareness Campaigns

Programs

BMO Financial Group

Cyber Security Analyst

Oct 2018 – Oct 2020

Enterprise Phishing Simulation & Awareness Curriculum

Built the enterprise phishing simulation program from scratch for 50,000+ employees: vendor evaluation, platform procurement, template library development, multi-wave campaign cadencing, and CISO-level reporting.
Designed and delivered the companion security awareness training curriculum: role-based content tracks by business function and risk tier, new-hire onboarding stream, executive and privileged-user stream, and integration with simulation outcomes.
Completion metrics and behavior-change trends reported quarterly to the CISO organization; coordinated rollout with HR, Legal, Compliance, and all business unit leaders.
Automated simulation-to-training pipeline: click events enrolled users in targeted remediation modules within 24 hours; repeat offenders escalated to manager notification workflow.

Phishing Sim Curriculum Design CISO Reporting 50K Employees

Ritchie Bros. (RB Global)

Security Operations Lead

Mar 2021 – Feb 2023

Predictive Click-Risk Targeting & Global Awareness Program

Led and owned security awareness and phishing simulation across all global business units: template library, multi-wave campaign cadences, click-rate dashboards, and quarterly awareness reports for security leadership.
Developed a phishing click-likelihood predictive analytics pipeline that scored each employee's risk from historical simulation data, surfaced highest-risk cohorts to security leadership, and fed targeted training prioritization before incidents occurred.
Coordinated program rollout across North America, Europe, and Asia-Pacific with HR, IT, and regional business leads; produced regional risk comparison reports for the CISO.

Predictive Analytics Global Rollout Risk Scoring Stakeholder Alignment

Rexig Realty Inc.

IT Manager & Manager of Cybersecurity

Jan 2023 – Sept 2025

Full-Stack Awareness Program Under Dual IT/Security Mandate

Held dual accountability for the full IT function and cybersecurity program; designed and delivered phishing simulations, awareness campaigns, and continuous program reporting to ownership alongside managing infrastructure and IT operations.
Reduced employee phishing click rates from 23% to under 6% over four simulation cycles with targeted awareness interventions; zero successful social engineering attacks in the 18 months following program launch.
Built simulation-to-training funnel and awareness calendar; coordinated with leadership on policy updates and awareness messaging following industry incidents relevant to commercial real estate sector.

IT Manager Awareness Campaigns Policy Integration Executive Reporting

Spot the Phish

Four emails. Each has three red flags. Click what looks suspicious — this is exactly the skill I build into every awareness curriculum I design.

Email 1 of 4 Flags found: 0 / 12

Inbox — Company Mail

From IT Support <>

To you@company.com

Subject

Hi,

Our system has flagged that your company account password will expire in 2 hours. To avoid losing access to email, Slack, and internal systems, please reset it immediately using the link below.

→ Reset My Password

If you did not request this, contact IT immediately.

— IT Support Team
Helpdesk | company-support.net

Click the underlined text to identify red flags

Inbox — Company Mail

From “David Larson (CEO)” <>

To you@acme.com

Subject Quick and confidential — I need your help today

Hi,

I’m in back-to-back board meetings and can’t take calls. I have an urgent matter that needs to be handled discreetly.

I need you to pick up right away. Scratch the back and email me the codes.

— I’m tied up but will explain everything after the meeting. This is time sensitive.

Thanks,
David Larson
Chief Executive Officer
ACME Corp

Click the underlined text to identify red flags

Inbox — Company Mail

From TD Bank Security <>

To you@company.com

Subject Your account has been suspended — verify now

TD●

We have detected unusual login activity from an unrecognized device. For your protection, we have temporarily suspended your account access.

To restore access, verify your identity within 24 hours. Failure to act will result in your account being .

Verify My Account →

TD Bank Online Security | td-secure-verification.com

Click the underlined text to identify red flags

Inbox — Company Mail

From HR — Benefits Team <>

To All Staff

Subject Benefits enrollment closes TONIGHT at midnight — final notice

Hi Team,

This is your final reminder that 2026 open enrollment closes tonight at midnight.

To update your selections, click below and sign in with your .

Access Enrollment Portal →

Human Resources — Benefits Administration

Click the underlined text to identify red flags

This email: 0 / 3 flags found

out of 12 flags identified

Results

Programs

Enterprise Phishing Simulation & Awareness Curriculum

Predictive Click-Risk Targeting & Global Awareness Program

Full-Stack Awareness Program Under Dual IT/Security Mandate

Spot the Phish

Contact

Let's build your program.