top of page
  • Jessica Barker

Cyber Security Training is not a Punishment

The summer holidays might just be starting for some, but for cyber security awareness professionals autumn is front of mind. The leaves fall, pumpkin spice lattes get their day in the sun and ghosts come out to play. And what else? Oh yes, October ushers in cyber security awareness month.


Cyber security awareness-raising has been transformed over the decade or so that I've been working in the field. There are so many innovative and engaging activities and initiatives out there, so there's really no excuse to still give people the impression that cyber security is boring.


Worse than forcing people to sit through compliance-driven training: making them sit through it again because they clicked a link in a phishing simulation. The message you send when you do that? That they 'failed' and need to be punished with boring training.


Is that really how we want people to feel when they're learning about cyber security?


Over the last couple of years, cyber security culture has risen up the agenda. If you're thinking of what kind of awareness-raising you want to deliver, first ask yourself what your organisation culture is like. With that in mind, what kind of cyber security culture are you looking to build? What attitudes and behaviours would make up that culture? How can you foster those attitudes and behaviours whilst also addressing your key human-based risks?


We help clients of ours have a lot of success running more innovative awareness-raising initiatives, especially during October. Examples include:


🐞 Hacking demonstrations

💻 Password cracking

🔓 Lock picking stations

🧐 OSINT exercises

🍿 Bitesize content


The levels of engagement are always so satisfying. When you have fun with cyber security, whilst delivering a meaningful and actionable message, it's a game changer. It leaves people talking about cyber security, with their colleagues and their families. This creates a positive ripple effect that reaches beyond October and into the community.


There is a common perception that people learn in different ways (visual, auditory, kinaesthetic, and reading/writing) and that mixing up methods is considered good practice. However, the cognitive neuroscientist Stanislas Dehaene (in his book How We Learn) shows this is not the case. Instead, he recommends that you focus on four pillars:


Pillar 1: Attention

"A passive organism cannot learn"


Pillar 2: Active engagement

"Enhance the environment"



Pillar 3: Error feedback

"Zero error, zero learning"



Pillar 4: Consolidation

"It is better to spread out the training periods rather than cram them into a single run"


Thanks to Sue Hope for the steer on this.


Which brings me to an important point: don't forget to gather feedback and track metrics for the awareness-raising you deliver in October. Depending on your capacity and the maturity of your programme, this could be as simple as tracking participant numbers and sharing a quick feedback form for your different initiatives. If you're looking for something more in-depth, you could run a survey before and after October to test whether your key messages have landed. Take it a step further and repeat the survey in January to see whether any of those messages have been retained.


If you want to learn more about what other cyber security awareness professionals are doing for October and beyond, don't miss the SANS Security Awareness Summit 2022 next week. I'm not saying it's great because I'm on the advisory board, I'm on the advisory board because it's great! This year, it's a hybrid event which is free to attend online.


To learn more about the awareness-raising content an activities that we at Cygenta deliver for clients, drop us a line. Finally, if you want to stay in the loop with all things connected to the human side of cyber security, don't forget to subscribe to our mailing list!

246 views

Related Posts

See All

3 Comments


Jeffrey Glenn
Jeffrey Glenn
Oct 19, 2023

I appreciate Henry for making me realise the truth to a certified hacker who knows a lot about what he is doing. I strongly recommend you hire him because he’s the best out there and always delivers. I have referred over 10 people to him and all had positive results. He can help you hack into any devices, social networks including – Facebook, Hangout, iMessages, Twitter accounts, Snap chat , Instagram, Whatsapp, wechat, text messages ,smartphone cloning,tracking emails and also any other social media messenger or sites. It’s advisable to hire a professional hacker.Thank me later. Contact him here., Henryclarkethicalhacker@gmail.com and you can text, call and Whatsapp him on +1(201)4305865, or +1(219)7960574.....



Like

Agnes Lizzy
Agnes Lizzy
Oct 13, 2023

Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on,…


Like

Janet Lucy
Janet Lucy
Oct 12, 2023

I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact:, Henryclarkethicalhacker@gmail.com and you can text, call him on whatsapp…


Like
bottom of page