Awareness activities in a highly technical company
I am looking for any advice related to Security Awareness activities, training, etc. for a small company that is extremely technical. We are 50+ in total, with half of that in engineering and development roles. The other biggest chunk is Sales and Sales support, who are all generally well-tenured sales professionals in technical spaces. We have no customer service type folks, we have no IT department with junior members, we have no administrative types, etc. If I pull out a class on phishing awareness, I will be knifed in a mob. Mostly, I want to focus it much like CPEs for ISC2, making awareness activities for the year a discussion between each person and their manager. In my mind, that couples professional development with the needs of the business and general awareness. That said, I would also like to have a defined program, for showing to auditors, as well as to have an available venue to build culture through.
The easiest way to sell a phishing awareness program is to identify that phishing could affect their own pocketbooks. It's unfortunate, but *some* employees could not care less if their employer loses a significant amount of money, but if that same employee were to lose a single dollar, they would go stark raving mad.