Dave Aitel wrote a column in CIO in 2012, arguing why one should not train employees for security awareness.