At a recent CSO50 conference, speakers discussed their security awareness training. Katie Ledoux, senior security analyst at Rapid7, asked about the effectiveness of third parties conducting the training. These programs empower employees to act as an extension of the security team, spotting and reporting threats. In-person training (1:1 or 1:many) simply doesn’t scale. Creating your own training is resource-intensive. Building an in-house security awareness program isnt a one-and-done project. Training will have to be regularly updated to address new and evolving threats.”]
Source: https://www.csoonline.com/article/3198432/does-third-party-security-awareness-training-work.html