>> In your case, @xyzelement, do you see both? I know you see what’s good about the test, but do you also see why it’s a bad test?
I totally see why some people reacted negatively to it, though I think ideally mature people can see that it is a useful test and is trying to teach them something and thus get over it.
My personal value system is that I chose tough love versus coddling because the former breeds stronger and more capable people. It's not for everyone, but for example I want people who run security for my firm to err on the former.
It's a tradeoff. I don't want to work at a place that's more vulnerable because it (rightly or wrongly) assumed that employees aren't mature enough to go through a real exercise. That's just my view.
It sounds like “maturity” and “coddling” etc have a specific meaning in your value system.
If someone else sees the benefit of this test but considers it needlessly harmful/cruel (and disproportionately so for different people) — I wouldn’t guess that “immaturity” is in the top 5 of the reasons why they would think that. So I found that surprising.
LeonB, I appreciate this discourse and let me explain why I see maturity as a factor here.
Let's assume that phishing is a real threat, and testing like this moves the needle on people's vigilance (as it has for me when I failed something like it last year.) Let's also assume that if this was a real phish, there would be really bad emotional and financial consequences. EG: imagine being the one who fell for a real phish and actually caused a huge data leak that ended up in the news and put your company out of business.
Regardless of how we feel about it, the above threats are real. So we can either choose to be "nice" but increase people's vulnerability to real painful consequences, or we can choose to be "tough" because we realize that in the long run it creates greater actual security for everyone. To me that's "tough love" - harsher short term decisions to help everyone in the long run.
It indeed feels adult and mature to take the tough and unpopular decision that aims to address the real risk, and conversely irresponsible to say "we can't deal with the problem because it'll be unpopular and someone may get upset."
There's maturity on the flip side too. When I failed the phishing test, it was a wakeup call. In retrospect I should have caught it but I wasn't careful enough. So I am grateful the company did it because it taught me a valuable lesson that will keep me safer in the future. If my response was instead "those fuckers tricked me" or whatever, it would have been childish, because it ignores that the risk is real and that it's really I who has the power to do better.