It’s human nature to believe that the skills we don’t possess must be intuitively easy to master. That overconfidence can lead to disaster when deploying complicated new processes, tools, or technologies. Remember to train the core concepts that new solutions depend on before expecting your users to implement them safely.
Technologists in general – and us security practitioners in particular – have a bad habit of assuming that everyone has some intuitive understanding of how core computer and network technologies work. That’s a dangerous assumption. Mere exposure to tools doesn’t explain how or why they function. We need to factor crucial education delivery into our deployment and sustainment plans if we expect our users to have more than minimum passing proficiency with the tools that we require them to use.