Do You Know If Your Security Training is Working

How Do You Know If Your Security Training is Working

How Do You Know If Your Security Training is Working?

In this month’s Layer 8 webinar The Hackers’ Perspective: helping employees understand security vulnerabilities we look at examples of effective training methodologies, which combine:

  • Rehearsing for Reality – giving participants chance to try out their responses to complex security situations.
  • Experiential Learning – where knowledge is gained by working collaboratively to create effective solutions to security problems.
  • Thinking Like a Hacker – understanding security vulnerabilities by viewing the business through the eyes of a hacker.

Security Professionals who have commissioned interactive sessions from Layer 8 have commented on the immediate impact these workshops have upon participants’ attitudes toward security, but the feedback we get really excited about tells us that the impact felt in the session has then translated into a more meaningful ongoing process of change within the business.

“We were always trying new ways to engage employees with security. We found they’d listen, but then continue to behave as they always had done. It was only when Layer 8 introduced The Hackers’ Perspective technique that things started to change.”

Measuring the Ongoing Impact of Security Training

Measuring workshop impact not only provides an immediate snapshot of the benefits (or otherwise) of the activities participants have experienced, it also offers the opportunity to register three things in the minds of those participants:

  • Participants undertake high risk activities in a safe environment – rehearsing for reality.
  • Learning from mistakes is integral to the process – so skills improve.
  • Simulations provide meaningful contexts for problem solving – consequences become important.
  • Learning is hands on, experiential and enjoyable.
  • Emotional responses to simulations are natural – participants become fully involved.

Our clients have found that a three-step evaluation process, spanning 2-3 months post workshop has proved the most effective way to gain maximum return on investment for the training session.

Step 1 – Evaluation

Everyone is used to filling in an evaluation form at the end of a session, and it can be quite a perfunctory exercise. It offers the opportunity, though, to include questions which prompt participants to actively integrate the knowledge they’ve gained from the workshop into their working practices:

What’s the most important thing you’ll take away from today’s session? (key learning)

  • How will what you’ve learnt today affect the way you do your job? (behavioural change)
  • How will you spread best practice you’ve learnt amongst your colleagues? (conversations)

Step 2 – Peer to Peer Learning

Rich qualitative data can be gained by using team meetings to review the workshop, talk about any individual actions that have arisen because of it, and discuss ways in which departments could work to integrate the knowledge gained into developing security behaviours. These tend to work well if they happen a couple of weeks after the workshop.

Step 3 – Survey

Running a security awareness survey across participants, a month to six weeks after the original event will demonstrate whether the knowledge is being applied, and take the temperature of participants as to the importance they now place upon secure behaviours in the workplace.

Security Training and Resilience as a Process

Following these steps ensures that you get maximum value from your initial training investment. The rich qualitative and qualitative data can immediately demonstrate strengths, weaknesses and vulnerabilities across your organisation.

For more ways to measure your developing security culture, take a look at Sans Security Awareness Metrics Matrix, which includes metrics for both measuring impact (change in behaviour) and for tracking compliance.

To register for The Hackers’ Perspective: helping employees understand security vulnerabilities click on the link below


Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email


View our other posts and insights

Scroll to Top