I just finished the excellent book Switch: How to Change Things When Change is Hard by Chip and Dan Heath. Similar to John Kotter's book Leading Change, this book is ultimately about changing behavior. While Kotter's book is strategic and focuses on change in large organizations, Switch is more tactical and at the individual or small group level. Switch is very easy to read, backed by amazing research, references and funny stories. I highly recommend this book for any security awareness officer. Some key takeaways:
1. The book breaks down changing behavior into three elements: A. Direct the Rider (people's rational side), B. Motivate the Elephant (people's emotional side), C. Shape the Path (create the environment and steps for change). In many ways I found this approach similar to Dr. Fogg's Behavior Model: the Rider and Elephant represent Fogg's Motivation, and the Path can be linked to Fogg's Ability. You can learn more about Dr. Fogg's Behavior Model at www.behaviormodel.org.
2. One of the key things I took from both Leading Change and Switch is that there has to be an emotional connection. Facts and figures alone will not drive change; there has to be an emotional drive (Motivate the Elephant), a vision, a clear destination of where you are going and why.
3. Switch, just like Leading Change, also emphasized the need for quick wins to build momentum and achieve longer-term goals. Once again, we see that we need to change behaviors (and see the successes of those behaviors) before we can change culture.
4. One of the things I loved about Switch is their focus on cloning success. Don't focus on failure. Instead find how others are doing things right and see if you can copy/paste that into your own situation.
What I especially appreciated about the book is that, at the end, the authors identify 12 common problems that people encounter when attempting to create change. They then provide advice (based on different parts of the book) on how to overcome these problems. Switch finishes with a variety of additional suggested books for follow-on reading, which I have already added to my list. The more I read books such as Influence, Switch and Leading Change, the more I feel that we in the security awareness space are failing on the human side. I feel we are focusing too much on what people should be doing, and not focusing enough on how to guide and motivate people to that destination (or even defining it).