As a consultant I get to have the pleasure of being onboard to different companies. I think the security training is more comprehensive than it used to be.
Why does this matter? It makes the entire organization safer. Of course some of the information in the presentation was a little dubious at best. Juice jacking for example. While it is good to be aware of it, I haven’t ever heard of a verified case of it. I just did a search for juice jacking example and it didn’t give me any results that showed this has happened. Still don’t use public USB charging ports or any USB port. This may be something that is being done by shadow agencies.
One of the most exciting things about working in security is that there are constantly reasons to upgrade and improve it. It is good job security for sure. I think that with the rise of companies automating things, we all have to find ways to add value and that means doing things that haven’t been done before. So being open minded to what customers want I think is always so valuable.
However with that said, you do need to remind people of best practices and the foundation/guidelines of security protocols. It is interesting isn’t it that the best security is both the security that is known, and the security that isn’t known? People can learn the known things to avoid it, but they can’t learn the unknown surprises that we as IT security people have.
Being a step ahead of criminals is our job in security and its difficult but possible.