Summer Reading List for Training and Awareness Program Managers: Part 2

Some other book nerds at MediaPRO join in for Part 2 of our series and discuss three more books training and awareness managers should dive into.

I’m not the only one doing some summer reading here at MediaPRO, nor the only one bringing something back to the way we build security- and privacy-aware cultures.

I’ve got two guest authors for this second and final installment of our Summer Reading List for Training and Awareness Program Managers (check out Part 1 here):

  • Mike Wenberg, our Creative Director, who is an accomplished author in his own right, having written a string of successful young adult books and a cool World War II era thriller: The Last Eagle.
  • Brian Hansford, our Director of Marketing Demand Generation, who works hard to get page views and clicks for others, but clearly has some opinions of his own.

The Power of Habit: Why We Do What We Do in Life and Business - Charles Duhigg

Review by Mike Wenberg

Read It for Pleasure

If B. J. Fogg’s book Tiny Habits (covered in Part 1 of this series) whet your appetite on habits, you might want to pick up Charles Duhigg’s book on the subject.

You may recognize Duhigg from his previous book, Smarter Faster Better, his articles in The Atlantic, The New York Times Magazine, and The New Yorker, or his time as a reporter at The New York Times, where he won a Pulitzer Prize for explanatory reporting.

Like everyone, I have my share of what I consider “bad” habits. Some, I’m more than happy to live with, but others I’d love to change. That’s where I thought Duhigg’s book might help.

As it turned out, I got more than just a sip on the subject, but a deep dive into the science behind habits, why they’re important, and why they’re so difficult to change. As an added bonus, he also covered cravings and his explanation of will power as a muscle that can get overworked helped me rationalize why I can’t resist that second plate of my wife’s spaghetti.

Use It at Work

The idea that habits often sit in the driver’s seat of human behavior is not a new one.

American philosopher William James (1842-1910) observed: “All our life so far as it has definite form, is but a mass of habits–practical, emotional, and intellectual–systematically organised for our weal or woe, and bearing us irresistibly toward our destiny, whatever the latter may be.”

What makes Duhigg’s book a compelling read (in addition to his polished storytelling skills) for anyone trying to influence cybersecurity behavior is his broad number of sources, and the examples he uses to demonstrate that whether we’re aware of them or not, habits dictate how we and others act and react in most of the situations around us, including cybersecurity.

For instance, watch any 3-year-old with a tablet, or any 40-year-old playing a video game, and you’ll see how ingrained a behavior like clicking without thinking has become. Clicks are rewarded.

‘Vegas knows it.

Game makers know it.

Hackers know it.

Identifying “bad” habits practiced by everyone that scammers and hackers leverage, and then developing strategies for replacing them with “good” habits based on advice from Duhigg, Fogg, and other experts, can be a way to get more bang for our buck with our awareness programs.

Countdown 1945: The Extraordinary Story of The Atomic Bomb And the 116 Days That Changed the World - Chris Wallace

Review by Brian Hansford

Read It for Pleasure

I’ve enjoyed reading books on World War II history my entire life. That era provides endless lessons on everything from diplomacy, leadership, selfless bravery, business, communities, military campaigns, terrible suffering, and the power of the human spirit.

Countdown 1945 provides a unique glimpse into how the U.S. mobilized to bring an end to the war. The book offers many different perspectives, with quotes ranging from notable figures like Harry Truman and Robert Oppenheimer to relative unknowns like Hiroshima survivor Hideko Tamura.

The book is also well researched, with 14 pages of indexed footnotes. Don’t let that intimidate you, though. It’s a fascinating and easy read.

Wallace objectively shares how many involved in the Manhattan Project struggled with the decision to develop and use atomic weapons. Today, we have the luxury of perfect hindsight.

It’s important to appreciate how difficult the decisions were to end a war with a devastating weapon. The military at the time estimated losing at least 500,000 Americans with an invasion of Japan. The atomic bomb was viewed as the best option from terrible choices. I respect the lessons we can learn from this event and how we cannot rewrite or revise what happened.

I am inspired by how many people were part of the project all over the country. Most didn’t know what they were specifically working on. In fact, the bombing crew didn’t know their mission almost until the first bomb run.

Building the atomic bombs was a massive effort that required detailed planning and logistics, phenomenal levels of secrecy, and a huge group of people focused on a single mission. And these people did so without the Internet, email, laptop computers, and jet turbine airplanes. Extraordinary.

Use It at Work

Countdown 1945 shows how powerful organizations and countries are when they have strong aligned leadership and a team solidly unified to accomplish an objective.

In just a few years, cities were built to house the workers and their families, as well as massive hydroelectric dams. Everyone knew they had to keep strict secrecy even if they didn’t know anything about the exact outcome.

The policies were clear. Work hard for victory and keep your mouth shut.

Security and privacy leaders can take many lessons from the events described in Countdown 1945. Success requires strong leadership that clearly communicates expectations for each team. Billboards famously lined the roads around Los Alamos on the importance of keeping secrets and not sharing details with unknown strangers. Sounds like an awareness campaign, doesn’t it?

Another powerful work lesson is understanding strategic decisions and making sure there are plenty of resources for success. Good and bad decisions can seep into the cultural DNA of any organization.

Ultimately, leaders must make the best decisions they can that will protect their organization and their customers and stakeholders. This is the same when companies today try to create cultures of privacy and security awareness. A half-baked approach will produce half-baked results, which puts people at risk. Go all-in or don’t go at all.

One way to appreciate the lessons of this book is to ask yourself, what decisions would you have made? Why? How would you have mobilized your organization for success? How would you communicate with your superiors and motivate your team for success?

The World Beyond Your Head: On Becoming an Individual in the Age of Distraction - Matthew Crawford

Review by Mike Wenberg

Read It for Pleasure

Every once in a while, I tackle a book I can’t consume all in one sitting.

A book I need to read a few pages at time, with the intervals in between pondering what I’ve just read. They’re humbling, books like these, good reminders that I’m not as smart as I sometimes think I am.

Matthew Crawford’s book, The World Beyond Your Head, is one of them.

Crawford is an interesting dude: he’s both hands-on-a-wrench gearhead and political philosopher, and this mix informs his essays and articles and his other books, including Shopclass As Soulcraft (which I also recommend) and his latest book, Why We Drive: Toward a Philosophy of the Open Road. Crawford has a Ph.D. in political philosophy from the University of Chicago, and he’s currently a senior fellow at the University of Virginia’s Institute for Advanced Studies in Culture.

I’m a big fan.

I read The World Beyond Your Head for the first time a few years ago while I was building a type of light rowboat called a wherry in my garage. The book took a couple of weeks to get through; my boat building took 18 months.

On weekends, I’d read a few pages in the morning, and then spend a few hours sanding my boat, or applying epoxy or varnish, all the while thinking about what I’d just read. From time to time, I’d even continue thinking about it after I was done sanding, sitting on the porch sipping a bottle of Black Butte Porter as my reward for all that sanding.

As a father of three children, I was looking for ways to help them deal with the challenge summarized nicely by Crawford’s subtitle: “on becoming an individual in the age of distraction.” Crawford’s book has helped me put the challenges we all face from the intrusions beyond our head in a broader historical and cultural perspective. And that, in turn, has helped me counsel my kids more effectively when they ask, “Dad, what do you think I should do?”

This is not an easy book, but it’s a good book, a useful book, and if you’re looking for help in defining and then living out a meaningful life, I’d suggest you pick up a copy.

Building a boat helps, too.

Use It at Work

So why would a cybersecurity or privacy professional want to read this book?

That’s easy. It’s an information jungle out there. As Crawford points out, everything that makes up that jungle is screaming for our attention.

The slow-moving train wreck that is COVID-19 has just increased distractions and further complicated our jobs, making it even harder to grab the attention of the people who need to learn about cybersecurity and privacy.

Information overload is real, and is only made worse by non-work stressors and anxieties competing for attention.

So, what do we do?

Try to approach training and awareness one topic at a time. Not every newsletter supporting your training and awareness initiative needs to touch on every threat every time. You’ll lose your audience. People will stop reading and move on.

Instead, try a laser-focus on one topic for each communication. What is the biggest risk you’re trying to affect? And how can you measure it?

If it’s password manager adoption, focus on just that until you start to see the needle move. Do more of what’s working and less of what’s not to get results. If you focus, you just might find that your employees do, too.

So, if you’re up to tackling a book with a little meat on the bones while you sit by the pool sipping a gin and tonic (or your beverage of choice), I’d recommend anything by Matthew Crawford, but particularly The World Beyond Your Head.

Ready for Autumn?

We hope that the books we’ve covered in our Summer Reading series will give you something to chew on as you get ready for the inevitable return to seriousness that characterizes the end of summer.

Happy reading!


Like What You Read?

Check out more content from Tom Pendergast on his blog Confessions of an Awareness Nerd.

Explore the Blog

Share this Post