Thanks Erich. This is great advice. In academia the biggest issue we have is a complete abdication of responsibility. The security training we have to complete is just so that the institute can say we are 'compliment' when a breach occurs. None of it is actually contextual or teaches anything of merit at all. 😢
Thanks Erich. This is great advice. In academia the biggest issue we have is a complete abdication of responsibility. The security training we have to complete is just so that the institute can say we are 'compliment' when a breach occurs. None of it is actually contextual or teaches anything of merit at all. 😢
This resonates a lot.
I’ve seen the same pattern outside academia as well.
Training becomes a legal shield, not a learning tool.
Once it’s completed, responsibility quietly dissolves until an incident forces it back into focus.
Compliance answers whether something was done.
Context answers whether it made sense.
And most organizations stop at the first question.