Comment Re:well (Score 1) 128
And I already stated in my first reply that IMHO your success has little to do with the training and a lot to do with the continuous follow-ups you do. Also with an environment that is not business-focussed.
This does not match what you state later, which is in essence claims that all 3,000 people in your company need in depth knowledge of your security policy. That is, plainly, nonsense.
Corporate "Security Awareness Training" has to address the needs of _many_, and not everyone needs that level of detail. In fact very few do, and a small percentage could even understand them. Which could explain your repeated claims of bad experiences.
Jane and John, the new accountants, need to know what Phishing is, not what your encryption policy for tape back up is. You previously complained that for you it was redundant so "stupid" (your words). Stop moving the goal post.
What I mean is that we replace actual security with trainings and think it's a solution.
Security awareness training is not a replacement for security. If a Company believes it does, this matches what I stated repeatedly about a broken culture. Not a Security or Training deficiency.
Sure I have my own view and experiences and my attitude is the result of what I've seen and what I think about it. Also the result of knowing a lot of people in the IT consulting business privately, where they tell you what they really think.
I know plenty that underscore how bad corporate cultures are and can be. Any Corporate level trainer will tell you the same thing. You have to train everyone in the basics. After they have a grasp of basics, reminders and nudges from audits work. A reminder about phishing attacks will be ignored by people that don't know what phishing is or how it works. Reminders to follow the password policy will be ignored by people that don't know the policy.
Finally, as stated previously, there are plenty of people that contribute to poor culture. The guys that talk smack about the training because they know it all are a huge issue. You have to build a culture of security if you want to be secure. That will never happen with a crew of sexual intellects (F'king know it all's) discouraging knowledge sharing and personal growth.