The Engagement Paradox

By Amy Stokes-Waters | 2 February, 2026

On cyber awareness, and why it keeps failing. In cyber security, we bloody love the word “awareness”. It goes into strategies and programmes. We measure it. We report on it (kind of). We even dedicate a whole bloody month to it, worshipping the idea as if it’s an end state in its own right. And…

Read More

Attention Seeking B*tch

By Amy Stokes-Waters | 29 January, 2026

Why being an attention-seeker makes me better at producing outstanding cyber security training. Let’s get the title out the way first. I’ve been called an attention-seeker most of my adult life. Sometimes it’s affectionate. Sometimes it’s a joke. Sometimes it’s said with the full intent of landing as an insult and staying there. I’ve never…

Read More

Don’t teach me anything.

By Birgitte Skorge-Steen | 2 July, 2025

John Oliver was joking when he barked that line at Edward Snowden. Yet it might as well be every employee staring down another mandatory cyber module. Beneath the comedy is a truth most organisations refuse to face. People do not reject cyber security because they are stupid. They reject it because the learning experience reeks…

Read More

Attention Before Awareness

By Amy Stokes-Waters | 27 January, 2025

The ignition point Attention. That’s the game. That’s the god(dess). And until we start worshipping it, every awareness campaign that we build will collapse under its own dullness. Cyber awareness isn’t failing because employees are careless, stupid, or “the weakest link”. It’s failing because we’re not competing for their attention. Not even trying, half the…

Read More