When talking with company leaders about what they are implementing in their organization in terms of cyber awareness training, many are proud to say that they have mandatory 90-minute seminars every year. While it is great that they have recognized cyber awareness training as a cause worthy of allocating many resources for, it is a shame to see those resources allocated towards a training tactic that is so outdated and ineffective.
These "training days" are often very expensive for organizations. Many times, they contract an expert to come in and lecture an audience about the best practices in cybersecurity. While the actual content may be high-quality and valuable, the audience often does not retain the information projected. Content is worthless without retention.