Discussions at a recent security summit – what we learned from CISOs about training engagement

While attending a major security event in Washington DC, we had a chance to catch up with a few CISOs and other security leaders to discuss security awareness training. Most notably, we learned a lot about the importance of learner engagement. We kept some of the summary points in a 2-minute video:

Main takeaways from conversations

There are many heated views about the role of non-security colleagues in minimizing breaches, and about the common statistic that 90% of breaches involve the human element. But curing this issue isn’t easy. Here’s what we learned from our discussions at the Security Summit:

  • The goal is still to make employees resistant to attacks, but that doesn’t happen when learners pay little attention to security training. That is, they don’t engage.
  • Learner engagement is tricky and even elusive for all security professionals.
  • When asked how they would make training more engaging, the main thrust of what we heard was that we need to make the training “relevant”.
  • Role-based training was mentioned multiple times as one of the ways to get people to engage. We took this to mean that security pros want to tailor content to the learner.
  • Relevance can mean many things; obviously, it’s not just about being role-based. One of the most commonly cited ideas was to make the training meaningful for people’s personal lives.

Our view

Here at OutThink we’ve been obsessing over this problem for the better part of five years. We have worked with dozens of companies to crack this big, hairy nut. Our thinking is quite aligned with that of the security leaders in the video. We need to make the training relevant to each learner, wherever they happen to be in their journey of understanding secure behavior. We’ve taken the time to survey our experts and leading customers and set down some of the best practices in adaptive security learning in this playbook. Feel free to check it out. We would love feedback from anyone else who has tried to make training truly relevant and went about it differently in any way.
