As cyber threats become more complex, many companies are beginning to see moves to strengthen the active involvement of employees in security. However, traditional security education programs are not enough, and many companies are looking for new ways to do it. In this workshop, we will consider what CISOs can do to improve the security literacy of employees.