"The Need for Softer Skills"

One of the biggest take-aways (and surprises) for me from the 2015 Security Awareness Report is the lack of soft skills in our field. Over 75% of those leading or supporting a security awareness program had very technical backgrounds, to include IT admins, security analysts and even webmasters (page 8). In addition, we found most security awareness programs falling under the IT chain of command. Once you read the report it really makes sense. If an organization is concerned about the security of their employees, where do they go? The security team. And who makes up most security teams? Highly skilled and highly technical wizards that live and breathe bits and bytes.However, awareness is ultimatelyabout changing human behavior, and to do that effectively it comes down to communication. If people do not know what they are supposed to do or why, they will neither be …

Reposted from SANS. View original.