Make sure that security training is periodic so people don’t forget to use that knowledge in day to day operations. Try to keep audience entertained by your show so they don’t perceive it as just one more mandatory boring corporate training aka necessary evil. Put in the work to ensure people are aware of your intentions and understand they WHY behind your training and WHY they should obey.
Meet with those people in person to show your human side and to give yourself a chance to create relationships with those people because we all know that as an empathetic creatures we tend to like more people we’ve met in person and we’d rather listen to someone we know and like.
It’s a good idea to show them the personal gains they get by learning what you’re trying to teach them, because some people care more about privacy of their Facebook chats than about safety of a corporation they work for.
Last but not least – always keep adjusting. Security programme is something that you must work on all the time and carefully customize to your organisation’s – or sometimes even individual’s – needs. One of the biggest mistakes I’ve seen was security experts settling on a security programme for their organisation and not adjusting it to the growth of that company making the security programme not only useless but very often costly workflows bottleneck.
All people are different, so if you prepare your security trainings like everyone is the same then you’re going for a huge disaster.
All goodness delivered by Dawid Bałut Security Podcast.