OUCH!  April 2016 I'm Hacked, Now What?

One of the best things I love about teaching SANS MGT433 around the world is I get to learn what are the most common challenges security awareness professionals face on a global level.  A common challenge I'm seeing pop-up in the last 6-12 months is middle management.  A lot of you are reporting you are getting the support you need for your security awareness program from senior leadership and employees, but the biggest blockers are middle managers.  I just read a great article linked from the Kotter International feed on just this problem. Side Note, if you are a John Kotter  / Leading Change fan, I highly recommend following the @KotterIntl twitter feed.

It appears security awareness professionals are not the only ones faced with this problem, it is common in many change management programs, in this case study a Diversity & Inclusion awareness program.  They do a great job of explaining the middle management problem and steps they took to address it.  In the article they described how they treated middle managers as a special target group, explaining the value of the program in middle management terms and show casing middle management success stories.

I found the article helpful for two reasons.  First, it helped me understand that the middle management challenge is not a 'security' challenge but a 'change' challenge.  Second, I like the idea of treating middle managers as a unique target group, something we cover in the WHO planning part in the MGT433 course.  Nothing earth shattering, but something I wanted to share and see if others have had success with this approach.