Comment Re:well (Score 1) 128

And I already stated in my first reply that IMHO your success has little to do with the training and a lot to do with the continuous follow-ups you do. Also with an environment that is not business-focussed.

This does not match what you state later, which in essence claims that all 3,000 people in your company need in-depth knowledge of your security policy. That is, plainly, nonsense.

Corporate "Security Awareness Training" has to address the needs of _many_, and not everyone needs that level of detail. In fact very few do, and a small percentage could even understand them. Which could explain your repeated claims of bad experiences.

Jane and John, the new accountants, need to know what phishing is, not what your encryption policy for tape backup is. You previously complained that for you it was redundant, so "stupid" (your words). Stop moving the goalposts.

What I mean is that we replace actual security with trainings and think it's a solution.

Security awareness training is not a replacement for security. If a Company believes it does, this matches what I stated repeatedly about a broken culture. Not a Security or Training deficiency.

Sure I have my own view and experiences and my attitude is the result of what I've seen and what I think about it. Also the result of knowing a lot of people in the IT consulting business privately, where they tell you what they really think.

I know plenty that underscore how bad corporate cultures are and can be. Any Corporate level trainer will tell you the same thing. You have to train everyone in the basics. After they have a grasp of basics, reminders and nudges from audits work. A reminder about phishing attacks will be ignored by people that don't know what phishing is or how it works. Reminders to follow the password policy will be ignored by people that don't know the policy.

Finally, as stated previously, there are plenty of people that contribute to poor culture. The guys that talk smack about the training because they know it all are a huge issue. You have to build a culture of security if you want to be secure. That will never happen with a crew of sexual intellects (F'king know it all's) discouraging knowledge sharing and personal growth.

Comment Wait a second (Score 3, Insightful) 139

You should really qualify "The Press" in these types of statements. The Press could be ABC, NBC, CBS, BBC, and many more who today claimed an 82 year old man shot a pregnant woman as a headline, when the person was both not pregnant and also committing armed robbery for at least the 2nd time against the same 82 year old man, who was beaten as well as robbed. The Press could be the same crew that edited audio to make it look like a guy on neighborhood watch simply claimed to the police that he was following a Black guy, where the full audio shows he is responding to a 911 operator asking what race he believes the suspect was. The same media claimed that that guy was White when he's Hispanic, and portrayed the victim in a 7 year old picture to make it appear like the guy shot a little kid instead of a 6'1" nearly legal adult. All to sway public opinion (that one was for numerous purposes). The same media that interrupted a Congresswoman discussing the NSA for "breaking news" that Justin Bieber was arrested, and ensured that a twerk skank received more air time than dialogue about numerous political issues.

The media we normally see and hear IS on the same team as the government, make no mistake.

As such, I continuously wonder if there were just as many secrets before, but it's just faster to find out about their existence nowadays.

To some extent I agree with this, but up until 20 years ago we had some real journalism. Nationwide, every station lost their "investigative reporters" within the same couple of years, and that was the end of any real journalism with any of the 3 letter media outlets.

With rare exceptions today, the only thing that gets air time is propaganda.

Comment Re:well (Score 1) 128

I don't work there anymore, but I've been in the security industry long enough to know a number of companies, as well as the uncomfortable squirming that follows if you ask security training providers for independent evidence supporting their claims.

As stated several times already, this is a culture problem with a company. Not an issue of security or training.

I never said security is stupid. I am saying security awareness trainings are a waste of time, by and large.

Your opinion vocalized will ensure that it is a waste of time. I gave an example of ensuring it's not. Hell, I'm not a security trainer. I provide data to ours, and work extensively securing systems and networks. When we have training I nudge people to listen instead of making it a "waste of time" or a "coffee break" as you claim the training is.

Most people are not experts, and most people don't deal with risks every day. Showing them "hacking" is like magic to an accountant, and it's a pretty effective way of teaching.

Tell me, how many people have you had in those trainings who thought, before they went in, that giving their password to random strangers is a good idea? 90% of the content of these trainings is either boring because everyone knows it already, or boring because it's too technical and not interesting, so they filter it out.

Wrong question to ask, followed by more of the same rubbish perpetuating your opinion.

There are numerous ways to get people involved and interested in training. Showing them a hack in progress or playing recorded calls of phishing attacks, let them put their hands on a hacking device or operate a key logger on a demo PC.

I've had the responsibility of writing or reworking existing IT security policies, and my advice has always been to make them as short and simple as possible. I've seen a multinational corporation vomit up a 300 page security policy, which was really great from an ISO 270xx POV, but aside from the guys in the security department who wrote it, I'm fairly certain I was the only other human being who actually read all of it, ever.

Writing policy is not the same as educating people. Two different skill sets. It's interesting that you claim to have so much knowledge yet hate to teach or listen to shared knowledge, from a psychological standpoint.

I'll hear you whine about depth of security policies after you have built and secured NISPOM/JFAN compliant networks. Knowing the policy is required to set them up, audit them, and maintain them. Once again, you bring up people not following or using policies which is a Culture issue and not a security or training issue.

I love security. But I think our industry's approach to users and security is fundamentally flawed and trainings are a band-aid on a broken arm - placebo treatments that don't even touch the real issues.

Because everyone is exposed to and knows as much about security as you do right? Rhetorical question, don't answer it. Your problem with security awareness training is related to your own psychological problems. We all have them, I don't intend that as an insult. I work on mine every day.

Comment Re:Rubbish (Score 1) 342

I would agree with this if, and only if, the tax is a unilateral tax and not a weapon of control by large corporations. The weaponization of taxes was used in Australia and in the US for purposes other than discouraging the use of fossil fuels.

Kraus is arguing about people preemptively ditching carbon taxes in the US which are written to primarily fund large corporations and punish smaller corporations.

Kraus is also notorious for being a bigot and a pawn for the NWO agenda, so he can rot for all I care. He is one of many that perpetuate the "blame religion" mentality instead of fixing issues, while of course he gets paid speaking gigs and TV appearances.

Comment Re:well (Score 1) 128

I've seen first hand that many employees consider those security trainings either a waste of their time or a coffee break.

Ahh, so you work at one of those places with horrible culture.

For all I know, the only people who think that security awareness training increases the number of people who give a fuck are the marketing drones selling security awareness trainings. People who cared before the training will get information. People who didn't care before will not care after. Why should they?

Got it, you are a lively participant in the horrible culture and happy to propagate the culture.

If you've managed to get your people to reliably report incidents, you've managed something that a lot of companies struggle with.

In 30 years of working IT (right after college which was right after the military) I have seen both good and bad. You are in a bad place with a bad culture, period. It usually takes a whole lot of new-hires and terminations to change a culture (depending on the size of the company).

As stated in a previous post, this is all behavioral psychology. When management and IT dismiss security as "stupid" and pee away opportunities to share knowledge that is a problem with management and IT. Of course accountants don't care, you are teaching them not to! Instead of saying "this is stupid, I know this stuff" you could volunteer to help mentor people or simply grunt "yup, saw a guy get hacked by this once" instead of holding negativity.

Comment Re:Citation needed? (Score 1) 165

Descartes' primary body of work proves how wrong you are. Lacking physical evidence does not imply that something is impossible to prove, just that you cannot prove something absolutely without physical evidence.

Given the political history of the person TFA is discussing (Franklin Coverup amongst numerous scandals), I think there is enough to question whether or not he is at a minimum a pedophile worthy of being labelled an "alien reptilian baby eater".

Comment Rubbish (Score 2) 342

This is not about "Climate Change", it's about "Carbon Tax". Carbon taxes have been used to stifle innovation and competition, and the players that should be paying the most have been immune to the tax. That's not an issue of a tax as much as an issue of corruption. That said, while so many governments are grossly corrupt, a "Tax" is not going to be the answer.

As long as people like you believe in a false paradigm blaming religion (or democrat vs. republican), no corrections will be made.

Comment Re:well (Score 1) 128

Security awareness training in companies is largely nonsense.

Rubbish! If you are starting from scratch you have to lay the foundation. Jumping right into impersonal communications shows that your security team does not care, therefore the number of people with genuine concern will never increase.

Reminders are incredibly powerful, there's now a decent amount of psychological research to back that up.

That we agree on, but you are choosing to ignore all of the precursor psychology which is just as well documented.

And from your one incident I gather you also have a reporting culture where people are not afraid to report problems. Many companies don't have that, people constantly sweep problems under the rug because they're afraid it would damage their career to report them.

It's hard to tell if you were attempting to be condescending with that first sentence. I've been working in IT for 3 decades, so I have much more experience than one incident. Going beyond one example is not necessary.

Re-read my last paragraph, I point out that in SV there is a culture issue to overcome. That said, where I work currently the culture is open and honest and is in SV. Corporations can change their culture, if they try to do so.

Comment Re:well (Score 1) 128

Going by personal history here, it's easy to mistake a "stupid phisher" for a syndicate. Often they operate the same, and the syndicates do test what they sell to the "stupid phishing" people.

I'm not against what you are doing at all, but pointing out the risk which you overlooked. Definitely not something a novice should attempt.

Comment Re:well (Score 2) 128

Which is fine until your IPs start to get extra attention for fucking with people. Avoiding drug dealers in a big city is not hard once you know what to look for. I'd not recommend that people start driving by and throwing eggs at them, eventually they will get pissed and shoot someone.

Comment Re:well (Score 1) 128

People misusing or abusing a proxy server (or any other service that can be used to increase security) is a totally separate issue. I laugh at anyone claiming it makes things slower too, because you are obviously not using a proxy properly if your internet slows down. Either that or you think a single cache drive is "enough" and skimped on scaling out the service properly.
