https://community.isc2.org/t5/Tech-Talk/Awareness-activities-in-a-highly-technical-company/m-p/31350#M2078 <P>I am looking for any advice related to Security Awareness activities, training, etc. for a small company that is extremely technical.&nbsp; We are 50+ in total, with half of that in engineering and development roles.&nbsp; The other biggest chunk is Sales and Sales support, who are all generally well tenured sales professionals in technical spaces.&nbsp; We have no customer service type folks, we have no IT department with junior members, we have no administrative types, etc.&nbsp; If I pull out a class on phishing awareness, I will be knifed in a mob.&nbsp; Mostly, I wan to focus it much like CPE's for ISC2, making awareness activities for the year a discussion between each person and their manager.&nbsp; In my mind, that couples professional development with the needs of the business and general awareness.&nbsp; That said, I would also like to have a defined program, for showing to auditors, as well as to have an available venue to build culture through.</P> Tue, 07 Jan 2020 20:38:09 GMT mgorman 2020-01-07T20:38:09Z https://community.isc2.org/t5/Tech-Talk/Awareness-activities-in-a-highly-technical-company/m-p/31350#M2078 <P>I am looking for any advice related to Security Awareness activities, training, etc. for a small company that is extremely technical.&nbsp; We are 50+ in total, with half of that in engineering and development roles.&nbsp; The other biggest chunk is Sales and Sales support, who are all generally well tenured sales professionals in technical spaces.&nbsp; We have no customer service type folks, we have no IT department with junior members, we have no administrative types, etc.&nbsp; If I pull out a class on phishing awareness, I will be knifed in a mob.&nbsp; Mostly, I wan to focus it much like CPE's for ISC2, making awareness activities for the year a discussion between each person and their manager.&nbsp; In my mind, that couples professional development with the needs of the business and general awareness.&nbsp; That said, I would also like to have a defined program, for showing to auditors, as well as to have an available venue to build culture through.</P> Tue, 07 Jan 2020 20:38:09 GMT https://community.isc2.org/t5/Tech-Talk/Awareness-activities-in-a-highly-technical-company/m-p/31350#M2078 mgorman 2020-01-07T20:38:09Z https://community.isc2.org/t5/Tech-Talk/Awareness-activities-in-a-highly-technical-company/m-p/31355#M2079 The easiest way to sell a phishing awareness program to identify that phishing could effect their own pocketbooks. It's unfortunate, but *some* employees they could care less if their employer loses a significant amount of money, but if that same employee was to lose a single dollar, they would go stark raving mad. Tue, 07 Jan 2020 20:50:04 GMT https://community.isc2.org/t5/Tech-Talk/Awareness-activities-in-a-highly-technical-company/m-p/31355#M2079 Fenix 2020-01-07T20:50:04Z