Who should deliver your security awareness message?

Effective security awareness depends on establishing credibility with your users. This motivates some small awareness shops to employ a high-prestige speaker to deliver their messages, “borrowing credibility” by leveraging a known logical fallacy for good aims. Unfortunately, this tactic can backfire.

Of all the voices clamouring for our attention in the cyber security world, whose do you give credence to? The CEO of a major technology company? Perhaps a scientist with a track record of peer-reviewed research? Maybe a reformed cybercriminal who decided to go straight?