{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T00:46:11Z","timestamp":1781657171618,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,16]],"date-time":"2023-10-16T00:00:00Z","timestamp":1697414400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"SecHuman - Security for Humans in Cyberspace"},{"name":"CASA","award":["390781972"],"award-info":[{"award-number":["390781972"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,16]]},"DOI":"10.1145\/3617072.3617099","type":"proceedings-article","created":{"date-parts":[[2023,10,13]],"date-time":"2023-10-13T17:47:04Z","timestamp":1697219224000},"page":"237-252","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Caring Not Scaring - An Evaluation of a Workshop to Train Apprentices as Security Champions"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1016-5672","authenticated-orcid":false,"given":"Uta","family":"Menges","sequence":"first","affiliation":[{"name":"Ruhr University Bochum, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5159-3868","authenticated-orcid":false,"given":"Jonas","family":"Hielscher","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4661-2638","authenticated-orcid":false,"given":"Laura","family":"Kocksch","sequence":"additional","affiliation":[{"name":"Aalborg University, Denmark"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8123-0427","authenticated-orcid":false,"given":"Annette","family":"Kluge","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1823-5505","authenticated-orcid":false,"given":"M. Angela","family":"Sasse","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Hege Aalvik. 2022. Towards an Effective Security Champions Program. Master\u2019s thesis. NTNU."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00779-021-01551-2"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.57"},{"key":"e_1_3_2_1_5_1","volume-title":"CISOs and organisational culture: Their own worst enemy?Computers & Security 39","author":"Ashenden Debi","year":"2013","unstructured":"Debi Ashenden and M\u00a0Angela Sasse. 2013. CISOs and organisational culture: Their own worst enemy?Computers & Security 39 (2013), 396\u2013405."},{"key":"e_1_3_2_1_6_1","volume-title":"\u00a0C. Nurse","author":"Bada Maria","year":"2019","unstructured":"Maria Bada, M\u00a0Angela Sasse, and Jason R.\u00a0C. Nurse. 2019. Cyber Security Awareness Campaigns: Why do they fail to change behaviour?"},{"key":"e_1_3_2_1_7_1","volume-title":"Self-efficacy: toward a unifying theory of behavioral change.Psychological review 84, 2","author":"Bandura Albert","year":"1977","unstructured":"Albert Bandura. 1977. Self-efficacy: toward a unifying theory of behavioral change.Psychological review 84, 2 (1977), 191."},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of SOUPS 2016, Twelfth Symposium on Usable Privacy and Security. USENIX Association","author":"Beautement Adam","year":"2016","unstructured":"Adam Beautement, Ingolf Becker, Simon Parkin, Kat Krol, and M\u00a0Angela Sasse. 2016. Productive Security: A Scalable Methodology for Analysing Employee Security Behaviours. In Proceedings of SOUPS 2016, Twelfth Symposium on Usable Privacy and Security. USENIX Association, Berkeley, CA, 253\u2013270."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595684"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2017.23007"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2841113.2841119"},{"key":"e_1_3_2_1_12_1","volume-title":"Is the German dual system a model for a modern vocational training system?International Journal of Comparative Sociology 33, 3","author":"Blossfeld Hans-Peter","year":"1992","unstructured":"Hans-Peter Blossfeld. 1992. Is the German dual system a model for a modern vocational training system?International Journal of Comparative Sociology 33, 3 (1992), 168."},{"key":"e_1_3_2_1_13_1","unstructured":"Joseph Bonneau and S\u00f6ren Preibusch. 2010. The Password Thicket: Technical and Market Failures in Human Authentication on the Web."},{"key":"e_1_3_2_1_14_1","first-page":"1","article-title":"Quasi-experimentation","volume":"1","author":"Campbell T","year":"1979","unstructured":"Donald\u00a0T Campbell and Thomas\u00a0D Cook. 1979. Quasi-experimentation. Chicago, IL: Rand Mc-Nally 1, 1 (1979), 1\u2013384.","journal-title":"Chicago, IL: Rand Mc-Nally"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems","author":"Coles-Kemp Lizzie","unstructured":"Lizzie Coles-Kemp, Rikke\u00a0Bjerg Jensen, and Claude P.\u00a0R. Heath. 2020. Too Much Information: Questioning Security in a Post-Digital Society. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI \u201920). Association for Computing Machinery, New York, NY, USA, 1\u201314."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2019\/15117"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3555090"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.03.010"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2019.00028"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00779-004-0308-5"},{"key":"e_1_3_2_1_21_1","volume-title":"Statistik und Forschungsmethoden: Lehrbuch. Mit Online-Materialien (deutsche erstausgabe, 3., korrigierte aufl. ed.)","author":"Eid Michael","unstructured":"Michael Eid, Mario Gollwitzer, and Manfred Schmitt. 2013. Statistik und Forschungsmethoden: Lehrbuch. Mit Online-Materialien (deutsche erstausgabe, 3., korrigierte aufl. ed.). Beltz, Weinheim."},{"key":"e_1_3_2_1_22_1","unstructured":"ENISA- European Union Agency for Network and Information Security. 2019. Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity."},{"key":"e_1_3_2_1_23_1","unstructured":"OWASP Foundation. 2022. OWASP Security Culture: Security Champions."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(11)70082-3"},{"key":"e_1_3_2_1_25_1","volume-title":"Skills and Characteristics of Successful Cybersecurity Advocates. In Thirteenth Symposium on Usable Privacy and Security (SOUPS","author":"Haney M","year":"2017","unstructured":"Julie\u00a0M Haney and Wayne Lutters. 2017. Skills and Characteristics of Successful Cybersecurity Advocates. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX, Santa Clara, CA, 1\u20137."},{"key":"e_1_3_2_1_26_1","volume-title":"How Cybersecurity Advocates Overcome Negative Perceptions of Security. In Fourteenth Symposium on Usable Privacy and Security (SOUPS","author":"Haney M","year":"2018","unstructured":"Julie\u00a0M Haney and Wayne\u00a0G. Lutters. 2018. \"It\u2019s Scary\u2026It\u2019s Confusing\u2026It\u2019s Dull\": How Cybersecurity Advocates Overcome Negative Perceptions of Security. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). USENIX Association, Baltimore, MD, 411\u2013425."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-08-2020-0131"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.4013\/sdrj.2018.112.03"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3544548.3581410"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.134"},{"key":"e_1_3_2_1_32_1","volume-title":"Why Security Behavior Change Requires Intentional Forgetting. In New Security Paradigms Workshop","author":"Hielscher Jonas","year":"2022","unstructured":"Jonas Hielscher, Annette Kluge, Uta Menges, and M\u00a0Angela Sasse. 2022. \u201cTaking out the Trash\u201d: Why Security Behavior Change Requires Intentional Forgetting. In New Security Paradigms Workshop (Virtual Event, USA) (NSPW \u201921). Association for Computing Machinery, New York, NY, USA, 108\u2013122."},{"key":"e_1_3_2_1_33_1","volume-title":"USENIX Security","author":"Hielscher Jonas","year":"2023","unstructured":"Jonas Hielscher, Uta Menges, Simon Parkin, Annette Kluge, and M\u00a0Angela Sasse. 2023. \u201cEmployees Who Don\u2019t Accept the Time Security Takes Are Not Aware Enough\u201d: The CISO View of Human-Centred Security. In USENIX Security 2023. USENIX Association, Berkeley, 1\u201319."},{"key":"e_1_3_2_1_34_1","volume-title":"Coaches und Moderatoren (German)","author":"Hillmer David","unstructured":"David Hillmer. 2021. PLAY! Der unverzichtbare LEGO SERIOUS PLAY Praxis-Guide f\u00fcr Trainer, Coaches und Moderatoren (German). Hanser, M\u00fcnchen."},{"key":"e_1_3_2_1_35_1","unstructured":"ISF. 2014. From Promoting Awareness to Embedding Behaviors Secure by choice not by chance."},{"key":"e_1_3_2_1_36_1","volume-title":"Care and Feeding of Your Security Champion. In 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). IEEE, IEEE","author":"Jaatun Martin\u00a0Gilje","year":"2021","unstructured":"Martin\u00a0Gilje Jaatun and Daniela\u00a0Soares Cruzes. 2021. Care and Feeding of Your Security Champion. In 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). IEEE, IEEE, New York, 1\u20137."},{"key":"e_1_3_2_1_37_1","unstructured":"Lennart Jaeger Clara Ament and Andreas Eckhardt. 2017. The closer you get the more aware you become\u2013a case study about psychological distance to information security incidents."},{"key":"e_1_3_2_1_38_1","first-page":"282","article-title":"Examining the validity structure of qualitative research","volume":"118","author":"Johnson R\u00a0Burke","year":"1997","unstructured":"R\u00a0Burke Johnson. 1997. Examining the validity structure of qualitative research. Education 118, 2 (1997), 282\u2013292.","journal-title":"Education"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.2307\/25750691"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41320-9_5"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2738210.2738216"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2014.23007"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.179"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2015.23013"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274361"},{"key":"e_1_3_2_1_46_1","volume-title":"Leading change ([nachdruck], with a new preface by the author ed.)","author":"Kotter P","unstructured":"John\u00a0P Kotter. 2012. Leading change ([nachdruck], with a new preface by the author ed.). Harvard Business Review Press, Boston, Mass."},{"key":"e_1_3_2_1_47_1","volume-title":"Qualitative Inhaltsanalyse: Methoden, Praxis, Computerunterst\u00fctzung [German]. Beltz Juventa","author":"Kuckartz Udo","year":"2012","unstructured":"Udo Kuckartz. 2012. Qualitative Inhaltsanalyse: Methoden, Praxis, Computerunterst\u00fctzung [German]. Beltz Juventa, Weinheim and Basel."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833766"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2017-0030"},{"key":"e_1_3_2_1_50_1","volume-title":"International journal of management, business, and administration 13, 1","author":"Lunenburg C","year":"2010","unstructured":"Fred\u00a0C Lunenburg. 2010. Managing change: The role of the change agent. International journal of management, business, and administration 13, 1 (2010), 1\u20136."},{"key":"e_1_3_2_1_51_1","unstructured":"Bill Marczak John Scott-Railton Sarah McKune Bahr Abdul\u00a0Razzak and Ron Deibert. 2018. Hide and seek: Tracking NSO group\u2019s Pegasus spyware to operations in 45 countries."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-03-2017-0014"},{"key":"e_1_3_2_1_53_1","volume-title":"Why IT Security Needs Therapy. In European Symposium on Research in Computer Security. Springer","author":"Menges Uta","year":"2021","unstructured":"Uta Menges, Jonas Hielscher, Annalina Buckmann, Annette Kluge, M\u00a0Angela Sasse, and Imogen Verret. 2021. Why IT Security Needs Therapy. In European Symposium on Research in Computer Security. Springer, Springer, Berlin, 335\u2013356."},{"key":"e_1_3_2_1_54_1","volume-title":"12th International Workshop on Socio-Technical Aspects in Security (STAST). Springer","author":"Menges Uta","year":"2022","unstructured":"Uta Menges, Jonas Hielscher, Annette Kluge, and M\u00a0Angela Sasse. 2022. (Work in Progress) Brick by Brick: Using a Structured Building Blocks Method to Engage Participants and Collect IT Security Insights. In 12th International Workshop on Socio-Technical Aspects in Security (STAST). Springer, Springer, Berlin, 1\u201312."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445078"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1515\/jhsem-2014-0035"},{"key":"e_1_3_2_1_57_1","volume-title":"Information Security and People: A Conundrum for Compliance. Australasian Journal of Information Systems 21","author":"Pham Hiep\u00a0Cong","year":"2017","unstructured":"Hiep\u00a0Cong Pham, Duy\u00a0Dang Pham, Linda Brennan, and Joan Richardson. 2017. Information Security and People: A Conundrum for Compliance. Australasian Journal of Information Systems 21 (2017)."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2998181.2998191"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300663"},{"key":"e_1_3_2_1_60_1","volume-title":"Proceedings of the Sixteenth USENIX Conference on Usable Privacy and Security. USENIX","author":"Reinheimer Benjamin","year":"2020","unstructured":"Benjamin Reinheimer, Lukas Aldag, Peter Mayer, Mattia Mossano, Reyhan Duezguen, Bettina Lofthouse, Tatiana Von\u00a0Landesberger, and Melanie Volkamer. 2020. An investigation of phishing awareness and education over time: When and how to best remind users. In Proceedings of the Sixteenth USENIX Conference on Usable Privacy and Security. USENIX, Berkeley, 259\u2013284."},{"key":"e_1_3_2_1_61_1","volume-title":"Self-efficacy in information security: Its influence on end users","author":"Rhee Hyeun-Suk","year":"2009","unstructured":"Hyeun-Suk Rhee, Cheongtag Kim, and Young\u00a0U Ryu. 2009. Self-efficacy in information security: Its influence on end users\u2019 information security practice behavior. Computers & security 28, 8 (2009), 816\u2013826."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2015.65"},{"key":"e_1_3_2_1_63_1","volume-title":"European Symposium on Research in Computer Security. Springer","author":"Sasse M\u00a0Angela","year":"2022","unstructured":"M\u00a0Angela Sasse, Jonas Hielscher, Jennifer Friedauer, and Annalina Buckmann. 2022. Rebooting IT Security Awareness \u2013 How Organisations Can Encourage and Sustain Secure Behaviours. In European Symposium on Research in Computer Security. Springer, Springer, Berlin, 1\u201318."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.102"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.110"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2017.0257"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445768"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.2307\/257326"},{"key":"e_1_3_2_1_69_1","unstructured":"U.S. Department of Homeland Security. 2012. The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2018.11.003"},{"key":"e_1_3_2_1_71_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Weir Charles","year":"2020","unstructured":"Charles Weir, Ben Hermann, and Sascha Fahl. 2020. From needs to actions to secure apps? the effect of requirements and developer practices on app security. In 29th USENIX Security Symposium (USENIX Security 20). USENIX, Berkeley, 289\u2013305."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1080\/03637759409376328"}],"event":{"name":"EuroUSEC 2023: The 2023 European Symposium on Usable Security","location":"Copenhagen Denmark","acronym":"EuroUSEC 2023"},"container-title":["Proceedings of the 2023 European Symposium on Usable Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3617072.3617099","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3617072.3617099","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:06Z","timestamp":1750178166000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3617072.3617099"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,16]]},"references-count":72,"alternative-id":["10.1145\/3617072.3617099","10.1145\/3617072"],"URL":"https:\/\/doi.org\/10.1145\/3617072.3617099","relation":{},"subject":[],"published":{"date-parts":[[2023,10,16]]},"assertion":[{"value":"2023-10-16","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}