There is a startup company called Extreme Unlimited, and they are in the process of hiring new employees due to recent demand for their product.  Extreme Unlimited boasts that it can secure any organization with its array of cybersecurity products.  However, in their rush to hire, their HR department does not require new employees to go through security awareness training.  They assume since they are hiring cybersecurity professionals this step is not required. 
What risks do such assumptions pose?  Moreover, what other risks might we speculate there are in the organization?