Research
Literature reviews and research reports
The Buy-in Problem
Why privacy and security awareness programmes rarely fail because of the e-learning, but because of a lack of management involvement, and how to get management on board after all.
Measuring what counts
Why awareness programmes mostly report participation instead of knowledge, behaviour and risk reduction, how the research says you should measure it, and what logical place engaging formats such as games and escape rooms deserve.
The difference between security awareness and privacy awareness
Science breaks security awareness down into knowledge, attitude and behaviour, and privacy awareness into perceiving, understanding and applying. That very difference explains why security calls for behaviour change and privacy for the application of knowledge, and why a single training format falls short for both subjects.
The Vulnerable First Months
Why the first months of employment are a vulnerable period, across the full breadth of security awareness, and what science says about the timing and form of the first training.
The Attention Problem
Why phishing simulations alone do not make employees better at recognizing phishing, and which approach is actually supported by research.