I am looking for any advice related to Security Awareness activities, training, etc. for a small company that is extremely technical. We are 50+ in total, with half of that in engineering and development roles. The other biggest chunk is Sales and Sales support, who are all generally well tenured sales professionals in technical spaces. We have no customer service type folks, we have no IT department with junior members, we have no administrative types, etc. If I pull out a class on phishing awareness, I will be knifed in a mob. Mostly, I wan to focus it much like CPE's for ISC2, making awareness activities for the year a discussion between each person and their manager. In my mind, that couples professional development with the needs of the business and general awareness. That said, I would also like to have a defined program, for showing to auditors, as well as to have an available venue to build culture through.