One thing I'm quickly realizing about the security awareness community, including myself, is just how much we are lacking in soft skills. While most of us understand human risk and the behaviors we need to change, where we fail is HOW to change those behaviors, especially on a large scale.
We as a community need to get better at concepts such as behavior modeling, learning theory, communications, and change management/leadership. But to do this, we ourselves need to learn and grow. This can be especially hard for those of us who are used to being the 'expert' in our security field. That is why I read Mindset: The New Psychology of Success" by Dr. Carol Dweck. Dr. Dweck is a psychologist specializing in motivation and development. Her book explains the concept of how people have 'fixed mindsets" vs "growth mindsets". Fixed mindsets believe that you are born with a specific ability, such as in sports, arts or have a certain level of intelligence. Growth mindsets believe you can develop your ability in almost any area based on hard work, a willingness to make mistakes, and learn from those mistakes. By leveraging the growth mindset, you can expand yourself more then you thought possible. Overall I found the book to be very helpful.
As I read the book I could see I have both types of mindsets and need to develop my 'growth mindset'. As a bonus I also learned several new approaches on how to help children grow and develop. However I also found the book to be a bit repetitive. It seems the book is 90% examples of how this approach benefited others, and 10% of how to apply it to yourself. As such, don't feel guilty if you find yourself skipping a chapter or two to get to the meat at the end.
