As I continuously try to learn more about almost everything, I decided to take an Online Degree in Blockchain offered by Blockchain Council. Although the delivery method could be better, and the structure of the training could be simplified, overall it was a positive experience, which helped me better understand basic and advanced Blockchain concepts, as well as some of the cryptocurrencies.
I appreciate training and am always eager to learn something new, but I have yet to settle on a preferred form of instruction. However, there is one that I find particularly challenging, and since I've recently been considering the possibility that the effectiveness of the security training and awareness we provide may vary depending on the mode of delivery, I thought I would write down my thoughts. Here are my personal choices.
Some years ago, during a (quite extended) phishing avalanche at the company I was with at the time, the (then) CIO said: "Let's fire every user that falls for a phishing mail! That will solve the problem for good." I considered it a joke, and I replied pretty much with a rhyme: "Let's train them before we blame them", and I didn't give it a second thought. We went on to deploy some training modules, but never really implemented the technical controls on the mail server; had that been done, several of those phishing mails would never have entered the company. I think that this is not strictly a user failure and I'm inclined to blame the IT department more than the user.