And something that’s really important - eg with phishing - is that users are our best defence - we need to encourage users to help, rather than acting like they’re obstacles.
Imagine a security team of thousands of users, all of whom have the tools to engage rather than being frustrated?