Security awareness training should change behavior, not just generate metrics.
Wil Klu talks with Robert Siciliano (30+ years in security awareness training) about human-centric cybersecurity and why most employee training fails to create real security culture. They unpack trust psychology, fear and denial, and why phishing simulation training can’t carry the whole program. If your people “do the training” but still don’t care, this is a blueprint for making security personal and practical.
Key takeaways:
Why “lecture-style” security awareness gets tuned out
How trust-by-default makes people vulnerable to scams
The missing layer: digital literacy (passwords, MFA, password managers)
How live, dialogue-based training drives behavior change
Moving from awareness to security appreciation
Follow the show, share this episode with your CISO or HR lead, and leave a review if it helped.
More resources at www.wilklu.me
Find Robert at www.protectnowllc.com