Did anyone say that depends? I concentrate on building and delivering role-based training ans awareness programs because there is no one size that fits all. Sure everyone needs email training to stop phishing, but consider supplemental awareness training for network admins, application admins, and developers. If your organization is DevOps oriented then there are even more opportunities to align training to the pipeline.