Awareness campaigns? Or should we just train them?
Security awareness campaigns may be important, it's true, but I wonder if the real value of these initiatives is significant. Is it really? The dissemination of good practices and manuals with configurations are really effective? Or, as an alternative or complement, it would be better to train people directly? Are we wasting time? Should we raise the effort one degree and do a hands-on thing? What's your opinion?