re: #19 ericblair

Because sitting in a briefing or in front of a computer screen and clicking the correct responses on a multiple choice quiz is different from having it happen to you in real life. Security needs to start doing white hat social engineering to actually train people what to expect: that is, random calls to people trying to get their passwords, phishing emails, and then MOAR TRAINING/possible knuckle-rapping to the suckers who take the bait.

By the way, contractors, military, and civilians get the same training and the same security clearance investigations. There are a bunch of problems with the over-reliance on contractors in the federal government, but clearances and violation rates are red herrings.

Yeah. Cripes, pretty much everyone in Corporate America gets Sexual Harassment training every single year, but there’s still lots of it going on. Many of these training sessions become jokes for the participants.