The more I work with the security community on the human element, the more I realize we face what is called the "Curse of Knowledge". The idea behind this theory is that the more you know about a subject, the more difficult it is for you to understand how others perceive it. I first learned about this theory in the amazing book "Made to Stick". If you think about it, the theory makes sense. We in the security community live and breathe security; for us it's only natural to change our daily behaviors to reduce risk. What we forget is that for the rest of the world, security is neither their passion nor is it easy for them (believe it or not, most people do not dream about two-step verification). As a result, what we perceive as both obvious and easy is actually hard for others.
This is a big part of why so many security professionals perceive the very people they are supposed to help as 'stupid' or 'lazy' when in reality these people are both smart and hard-working; they are simply not engaged and/or confused by our world. Instead of looking down on others for failing to be secure, we need to take a step back, look at the world through their eyes, and think back to the days when we knew nothing about our field. Even better, spend a day with the very people we are supposed to secure and learn their world: what are their priorities, attitudes and beliefs? In fact, I'm beginning to think that some of the best security awareness officers or security communications officers are those who do not have a strong security background; as such, they can better relate to the very people whom we are trying to secure. The next time you try securing people in your organization, try to view the world through their eyes.