Most people I know don't enjoy being hit, and they will find other ways to solve their problems - like avoiding the controls in place.
Another problem I have with infosec people dismissing the whole idea of security awareness training programs is that they believe that if anyone should teach someone else about security, it has to be them!
"I am the security expert, after all, I should do the training," I often hear. I disagree.
The fact that you are an expert on the topic does not make you the most fitting person to communicate the message. Consider the fact that your audience is usually not as interested nor as knowledgeable about security as you are. In fact, most of them probably find security to be a nuisance. Most of them will not be familiar with your terminology - they will not understand what you are saying. If they do not understand what you are saying, how do you expect them to learn?
My advice to you is to work with PR/Marketing, HR and other departments that can build a complete training program with supporting materials and messages.
Iím aware that if you have already made up your mind on the topic, it will be difficult for me or anyone to change it. But consider this: If you do not respect the people you work with and are training, how can you expect them to respect you and learn from you?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.