Cybersecurity threats continue to evolve, and phishing remains one of the most common and dangerous risks facing businesses of all sizes. Dan Thornton, Co-Founder and CEO of Goldphish, set out to change the way organizations approach security awareness by creating training that is engaging, practical, and built for real people. In this interview for Website Planet, he shares how Goldphish began, the challenges companies face with phishing, and what makes their approach to cybersecurity training stand out in a crowded market.
What inspired the launch of Goldphish and how has the company’s mission evolved since its early days?
Goldphish started the way many good ideas do: with frustration, determination, and a desire to fix something broken.
I kept seeing cybersecurity training that felt like homework written by a compliance officer in a beige cubicle. It was dull, forgettable, and completely missed the point because people don’t learn if they are disengaged.
So we built something better, training that people actually watch, understand, and remember.
What began as a small idea to make security awareness engaging has evolved into a full mission:
- Help small businesses stay safe
- Train real people, not just satisfy compliance checkboxes
- Bring much-needed personality into cybersecurity
What are the biggest challenges organizations face in tackling phishing threats, and how does Goldphish help address them?
Many organizations fall into denial or overconfidence. They believe spam filters will protect them, assume their staff already know better, or think training once a year is sufficient.
Phishing works precisely because it is emotional, fast, and deceptive. If employees panic-click on a fraudulent email such as a fake request from the CEO, serious problems follow.
Goldphish addresses this by:
- Sending realistic simulated phishing emails
- Delivering short, engaging training content
- Building a culture where mistakes are reported, not hidden
We don’t just tell people not to click suspicious links. We show them what suspicious looks like and how not to fall for it.
How do you ensure your phishing simulations remain both realistic and ethical across different industries?
The goal is to make simulations believable but not harmful.
We avoid tasteless or traumatic stunts such as fake layoffs or HR violations. Instead, we focus on realistic, timely scenarios that employees are likely to encounter, such as fake delivery updates, invoice requests, or the classic urgent CEO scam.
The objective is education, not humiliation. If employees feel targeted instead of supported, the training has already failed.
How often do you update your training materials and phishing templates to keep pace with evolving cyber threats?
Constantly. Cybercriminals don’t take breaks, and neither do we.
We release new content regularly, including monthly phishing templates, fresh training episodes, and timely updates when new threats make headlines, such as AI-generated scams or reCAPTCHA exploits.
If training materials are outdated, they are ineffective. Our goal is to ensure clients always have access to current, relevant, and practical content.
What makes Goldphish’s approach to cybersecurity training stand out from other solutions in the market?
Most vendors design for large enterprises or focus on industry recognition. Goldphish was built specifically for small businesses, organizations that cannot afford dedicated security teams, have limited time, and need training that works.
Here is what sets us apart:
- Effective content. Short, clear, engaging, and human. No corporate jargon or fear tactics, just training that resonates.
- Simplicity. Our platform is easy to use, easy to deploy, and focused entirely on security awareness.
- Support. We partner closely with clients, offering real support from real people.
- Affordability. Quality security training should be accessible to all businesses, not just those with large budgets.
At the end of the day, we are not chasing awards. Our priority is keeping businesses secure and employees confident.