Cybersecurity awareness programs play a crucial role in mitigating cyber threats by educating employees about best practices and potential risks. However, many organizations struggle to measure the effectiveness of these programs. This talk will delve into the challenges of making cybersecurity awareness programs practical, focusing on equipping employees with skills rather than simply testing their knowledge. By understanding the factors that contribute to program effectiveness, organizations can partner with employees in addressing cyber security challenges rather than blaming them for security gaps and errors.