Ticks are rapidly infesting the contents listing as the Insecurity of Things awareness module falls into place.
I've just updated the ICQ (Internal Controls Questionnaire - an audit-style checklist supporting a review of the organization's IoT security arrangements) that we wrote way back in August 2015 - eons ago in Internet time. On top of the issues raised then, we've come up with a few more (e.g. ownership of things plus the associated information risks and the health and safety implications in some cases).
Updating the ICQ took about half an hour, whereas writing it from scratch in the first place must have taken several hours plus the research and prep time, neatly illustrating the value of NoticeBored. Customers are
welcome actively encouraged to customize the materials to suit their circumstances and awareness needs, saving them many hours of time in the process - hopefully freeing them up to work on the awareness activities, such as delivering seminars, interacting face-to-face with their colleagues, explaining and expanding on the content in the specific context of their organizations.
It's a similar story with the FAQ. Using the 2015 version as a starting point, updating it for 2017 was straightforward, for instance replacing a paragraph on an early IoT security incident with a recent example. Job done in about 20 minutes ... and on to the next item on the virtual conveyor belt.
It doesn't work for everything though. I usually start the seminar slide decks from scratch, building up the story of the day. If I'm lucky, I might be able to re-use a few of the original slides, or at least the graphics and notes. Also, newly introduced types/formats of awareness material (such as the word clouds and puzzles) need to be prepared afresh.
Sometimes we re-scope a module, focusing on different angles or blending topics and further complicating matters for ourselves. On the upside, I'm easily bored so new challenges are invigorating, within reason anyway. The month-end delivery deadline can be a millstone.