Security team colleague keeps intentionally opening malicious links on his MacBook

Hi all

I have an older colleague on my team who keeps intentionally opening malicious links on his MacBook. He does this so he can “research” the links and know what the intentions of the attackers are. He claims that “phishing and viruses don’t work on Mac”.

How correct is he? Is he just old school, and doing his job well? Or should we consider him a security risk?

I always learned that, if it’s necessary to open a phishing link to research it, to do it on a throwaway VM that you can remove or restore afterwards. To me, this seems the best way to do this. But my colleague claims it’s “not necessary because he has a Mac”.

It’s his own personal MacBook which he is bringing to work, and in the near future we will be implementing NAC so he will be forced to use a Windows anyway. But for the moment his MacBook is connected to the (largely unsegmented) production network.

Just curious how correct you guys think he is.