I delivered a bittersweet message to a CEO last week. We had completed an external penetration test that included social engineering and phishing. While the client had made many improvements since our last penetration test, a couple helpful end-users helped us bypass their security enhancements. The message I shared went something like this — “The URL filtering solution you deployed …