Let's be clear - without boxes to check they would be 100% focused on delivering value to customers. But...I think they are genuinely interested in developing their workforce's skills for risk reduction and predictability - but then quickly become disengaged once they see what is out there for "security awareness". Current content seems to be targeted to someone who has never used a computer before.
CISO: You need security awareness training!
CEO: great!
CISO: go to this content full of cute videos or tropes and generic hand waving
CEO: do you think I'm a 5 year old moron?
KUBERNETES DEVOPS: iptables -A INPUT -s $cisoIpAddress -j DROP
CISO: box checked!
------------------------------
Robert Ficcaglia
CTO
SunStone Secure, LLC
------------------------------
Original Message:
Sent: Jul 27, 2021 02:49:02 PM
From: Alexander Oddo
Subject: Employee Centric Security Awareness & Training
Do you think companies actually care about educating their employees around Security Awareness or do think they do it to check off the compliance requirement?
------------------------------
Alexander Oddo
Sr. Account Executive
Hoxhunt
------------------------------