At the Inaugural Derbycon, Boris Sverdlik struck a nerve with participants by claiming that ‘users’ need to ‘stop clicking shit’. That is well and dandy for catchphrases and pillow talk, but the ‘user’ continues to be a scapegoat for our own inabilities to educate and execute. The information security programs we are so heavily invested in are failing when it comes to security awareness training and addressing the needs of the people chartered with protecting your company’s assets. In response to the challenge issued during the presentation, a handful of brave, attractive, and sometimes intelligent people launched the Security Awareness Training Framework (SATF) with the explicit goal of establishing a free and open source living, industry-wide framework to provide practitioners the crucial components necessary to address security awareness at the proper context for the ‘user’, whomever the ‘user’ is. In this presentation, we will provide an update as to how the project has progressed after one year, where it is going, and provide information on how to get involved with this project.