agiacalone | 4 months ago

I think the conclusion of this article is slightly flawed. The issue isn't with engagement with the training (although the typical corporate training material is pretty bad), rather how we go about teaching cybersecurity.

I take a page from Jayson E. Street's DefCon talk from a few years ago with my students: promote "Security Awareness", not Security Training. Get people to think about what is being asked of them and the consequences of said actions. People tend to take "Security Training" as "I need to remember A, B, C, etc." Humans are bad at this sort of thing, typically.

I admit that "Security Awareness" isn't all that easy, but clearly our current approaches leave much to be desired.
