The Awareness Pseudoscience

Moving from benchmarking to baselining.


By Eh’den Biber


Trying to figure out the level of awareness to information security within an organisation is a taunting task. Throughout the years I’ve seen multiple attempts to deliver effective metrics and frankly – most of them sucked, big time, including the ones I came up with. Retrospectively I can humbly say – especially the ones I’ve chosen.

The difficulty arises from the simple fact that most of the information security professionals who are assigned to deliver such task have no clue what awareness is. We (humans) think we know what awareness is, but since our experience is subjective we don’t have a clue what it actually means. Awareness, or the nature of consciousness which is aware of itself is beyond the scope of this article. I’ve written a series of articles about it (the desolation of awareness) and I invite you to read them, rather than repeat segments of it.

Continue reading

The Desolation of Awareness – 4 – Buddha Was a Hacker

By Eh’den (Uri) Biber


The root of all problems, Baron Münchhausen, why “no” fails, and why Buddha was a hacker.



Please, don’t continue reading. Unless you’re willing to give up everything you thought is true about information security awareness I gently ask you to stop. If the only thing you’re interested in is how to distribute an awareness material to the employees in the organisation you belong to this series is not for you. If you think that you can make people aware of anything by explaining it to them this series is not for you. If you believe that computer based training can make anyone aware, please stop, this series is definitely not for you.

Continue reading

The Desolation of Awareness – 2 – Making Sense

By Eh’den (Uri) Biber


Welcome back. Is there an information security sense like there is a sense of smell? Can we evaluate it? Why our normal definition of information security prevents us from reaching awareness? In case you missed the first article, please start there before continuing.

In this article we will look at our senses. After all the definition of awareness is all about being able to notice, and we notice via our senses.

Continue reading

The Desolation of Awareness – 1 – The Art of Noticing

By Eh’den (Uri) Biber

Why am I writing this series, and why awareness is not as straightforward as most of us perceive it to be.



Awareness is a wonderful buzz word. From a very young age we are being expected to “be aware” of what’s going on and to be able to react accordingly, even though most of the people who are trying to make us “aware” have no clue what true awareness is. Blind to the beauty of true awareness we convince ourselves that we might not understand reality but at least we are aware of it, yet  nothing could be further from the truth.

Fast forwarding to “information security”, which is a domain in awareness that includes technology. There have been many discussions in our community about this topic: some people claim that information security awareness training is a waste of money and others claim it is a crucial element in making organisations secure. Continue reading