Effective and Realistic Security Training?

dafyre

@scottalanmiller If the company doesn't care, would we be doing security training to start with?

Dashrender

@scottalanmiller said:

@dafyre said:

Even if 1 person learns something, we've don our job.

If the company doesn't care, what makes this our job? I think the core thing here is not feeling that things are our jobs that the company has not made our jobs. It's less of an issue that a company doesn't prioritize this, but that we often prioritize it on our own.

How many times have you (well Scott would never stand for this, so he's exempt from this question) have you (IT folks) been blamed for a problem like this..

scottalanmiller

@dafyre said:

@scottalanmiller If the company doesn't care, would we be doing security training to start with?

That's my point.

dafyre

I've been lucky and not been blamed for it... but I have gotten to tell several people "I told you so" over the course of the years.

scottalanmiller

@Dashrender said:

How many times have you (well Scott would never stand for this, so he's exempt from this question) have you (IT folks) been blamed for a problem like this..

Scott's answer is: don't take anyone's s&1t

Dashrender

@scottalanmiller said:

@Dashrender said:

How many times have you (well Scott would never stand for this, so he's exempt from this question) have you (IT folks) been blamed for a problem like this..

Scott's answer is: don't take anyone's s&1t

That generally means either quiting or being fired.

dafyre

@Dashrender Or simply standing your ground when you know you are right. If it comes to being fired, then so be it.

But I agree.

scottalanmiller

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

How many times have you (well Scott would never stand for this, so he's exempt from this question) have you (IT folks) been blamed for a problem like this..

Scott's answer is: don't take anyone's s&1t

That generally means either quiting or being fired.

Not in my case. It just means knowing who is at fault, why and holding people accountable.

stus

Fascinating discussion. And yes, we provide an integrated platform for simulating phishing attacks and security awareness training. Cost: avg 10 bucks per user per year. www.KnowBe4.com

Warm regards, Stu

scottalanmiller

@stus Thanks for popping in!