ABSTRACT
While the culture typically emanates from the top of a company, it can take years for a new leader's ethos to permeate throughout the company without some sort of affirmative actions. International Business Machines Corporation (IBM) was noted for years for its white shirt, black suit, and tie attire. Training non-security personnel can go a long way in breaking down barriers between security and the rest of the organization. Security training, while needed, and in many cases mandated by external requirements, tends to be viewed more as punishment than as a true learning experience. Security training is best approached collectively. Remember, security is not just a problem for the security department but for the organization as a whole. What tends to happen is security professionals get too wrapped up in technical aspects of security. While knowing something about SQL injection and cross-site scripting is important, unless employees understand basic security concepts, this techno jargon will only confuse and alienate them.
