Salt brightens food flavors and balances tastes such as sweetness, acidity, and bitterness. And like water, it is a necessity for life. However, if you went to a restaurant and they brought out your meal with a huge pile of salt on the side, it wouldn't be a great experience, especially if you had to eat all the salt at once. The salt would be unpleasant in and of itself, and the actual meal would be left bland and unappetising. Delicious food has the right amount of salt, added at the appropriate time, enhancing the meal, not overwhelming it.
Security awareness training is like salt. Like every dish, every organisation needs it. Often we ask our colleagues to take security awareness training once each year - a big old mouthful of salt - and then act surprised when people continue to make mistakes, dislike security, and do not develop a learning mindset. Alternatively, we consider it a side activity that people can dip into and out of alongside their 'real' job, which means they're never likely to prioritise it. On the other hand, a strong security culture has security awareness sprinkled throughout the business in an ongoing manner, so that every employee, from the C-suite to the janitors, enhances the security culture and best practices of the organisation.
How and where do we add just the right amount of 'salt' to make sure our organisation and our colleagues are as safe as they can be?