ABSTRACT
Organizational cyber security is an evolving field that needs to constantly adapt to meet the demands of the latest threats. This means that cyber security personnel must be continually developing their knowledge, skills, and abilities to meet this challenge. One cyber security instructor claimed that his students needed to be like MacGyver—able to solve any problem with whatever resource is available. He also claimed that these students needed to be a combination of Jesus and Einstein—archetypes of both virtue and intelligence. Although these are evocative descriptions, the reality is that organizations need to be able to hire and train normal people with human capabilities and virtues to work to achieve their cyber security goals. In fact, all organization members have some role to play in the cyber security posture of an organization; in effect, all employees can be considered cyber security personnel. However, most employees need to spend most of their time on tasks other than cyber security. These employees need to be trained to fulfill their cyber security roles as well as their primary work roles if the organization hopes to be successful while maintaining a strong cyber security posture.
