Remote operated social engineering (ROSE) attacks account for a surprising share of successful cyberattack. For example, The Verizon Data Breach Incident Response 2019 report found that approximately 94% of all malicious code was introduced into systems via email. Threat actors, illegally, benefit from knowledge gained from repeated massive remote operated social engineering operations. Defensive actors can leverage simulation, but unlike the advanced state of computer penetration simulation, human behavior in the face of social engineering is presently not easy to simulate. This means that descriptive and predictive understanding of the human attack surface is vested in threat actors. Defensive forces today operate at a disadvantage, despite the efforts of a rapidly growing market: phishing alone is projected to grow to USD 1,401.6 Million by 2022. This clear and present problem is one Awayr can address through next-generation predictive models of vulnerability in cybersecurity. Specifically, this Phase I will prove out the technical and business feasibility of using NISTÂ’s Phish Scale as the underpinning of Awayr Security. We will 1) validate the Phish scale using a cue-coded phishing email corpus, 2) explore the feasibility of automated cue detection systems, and 3) leverage this understanding toward a 5 year plan.