Over 80% of security awareness professionals have a background in either information security or information technology, according to SANS's 2016 Security Awareness Report. Less than 15% have a background in soft skills such as training, marketing, or communications. The technical part of awareness comes naturally, not so much the softer side of behavior change.
It's one reason there is an uphill battle when it comes to building comprehensive awareness programs. Because cybersecurity professionals, including awareness leaders, are heavily steeped in technical skills, they understand what behaviors need to be changed but fall short in how they attempt to change those behaviors.
In a previous post, I described the "what" of a good security awareness program — what you should focus on and what makes a...(continued)