Teaching someone to catch a phish is more sustainable for long-term cyber resilience than using email security tools alone.