We have all say through the standard company training on cyber-security. It usually starts with an hour or two trapped in a packed seminar room, surrounded by colleagues pretending to take notes but really playing Words With Friends on their smartphones, followed by bad coffee and slightly stale pastries.Peter Vanheck, from Central Queensland University wanted something different. Rather than the annual compliance-focussed \u201ctick a box\u201d training, he wanted to work with his team to develop an ongoing program that engaged the university community and made cybersecurity something everyone was aware of. But he wanted to do it in a more engaging way than traditional training.During the 2017 AusCERT conference Vanheck how he did this with his team. By taking a multi-disciplinary approach, that used the skills of the broader CQUni community, he created a cyber awareness and education program that has transformed how people work at the university.Vanheck\u2019s journey in developing the Cyber Heroes program began with a request for him and his CIO to present on cybersecurity to the board. Sitting in the foyer, a few minutes before their presentation, it dawned on Vanheck that the presentation they had prepared was flawed. The problem wasn\u2019t the content \u2013 it was the focus. They approached the presentation from a technical point of view.\u201cI was sitting there, going through the presentation in my mind. I looked at my CIO and said to him \u2018I think we\u2019ve got this wrong\u2019\u201d, said Vanheck.Vanheck advocated a \u201chuman firewall\u201d. The idea was to engage everyone at CQUni in cybersecurity. Despite doing everything they could from a technical level, Vanheck was still seeing issues created by people plugging infected USB drives and clicking links in emails. He knew people were the key.\u201cWe needed something that was different. We needed something that was creative. We needed something that was simple. Something that would make a difference,\u201d said Vanheck.After several months of attending conferences and consulting with experts he knew he needed to look outside the traditional information security community. The creativity he wanted wasn\u2019t something he saw in his IT workforce.Realising he needed the most creative people he could find so he established relationships with other executives within CQUni. That lead him to working closely with marketing and other creative people.\u201cThe buy-in I got from those people from this simple cybersecurity message made a real difference to the program\u201d.The program Vanheck embarked on wasn\u2019t all smooth sailing. After investing time and money with an external marketing organisation, Vanheck abandoned the idea they brought to the table of a cybersecurity mascot personified in an octopus.But he didn\u2019t give up. He maintained a focus on specific, short messages that were important but needed a way to present those messages.At the same time as coming across some simple posters that presented those messages, the blockbuster superhero movie, The Avengers, was released. And those ideas came together.Vanheck developed the CQUni Cyber Heroes. The five heroes, each played by a member of the IT department who were more than happy to don lycra and wear costumes said Vanheck, each represented a part of the security infrastructure and were used to present simple messages in posters and short online videos.This resonated with the CQUni community and resulted in a measurable benefit.In the months preceding the introduction of the Cyber Heroes program, successful phishing email attacks numbered around 50 per month. That dropped to 15 in the first month after the program and, importantly, continued to fall to fewer than five \u2013 a level that has held for many months.Vanheck said there were some important take home messages that came from the CQUni project. You need to find the most creative people you can, keep messages simple and use several types of media to engage people.Make the program relevant and person to the people you are targeting and develop awareness training to accompany the creative campaign.By collaborating widely you can inspire people he said. And by connecting with people across the organisation, Vanheck says he has made IT security part of the CQUni culture.