Making Security Training Real and Personal to Employees
It is a fact universally acknowledged that most learning – real learning, learning that makes us change the way we think and behave – occurs not in classrooms, meeting rooms, or in front of PowerPoints, but informally, by way of stories or conversation.
If 2017 was the year that offering a meaningful security education or training to employees became a priority for security professionals, 2018 is likely to be the year in which the search is on for security training that delivers on behaviours, values and knowledge – rather than ticking the compliance box and little more. Research presented by Nick Wilding at AXELOS shows that whilst UK businesses understand the need for an effective training programme, they are not yet accessing the innovative solutions which are starting to become available in the sector.
Experiential Training for Engaged Learning
Our customers talk about the need for employees to feel emotionally engaged with security; to feel as though it’s part of the value-system they share within the business. Good practice is often observed to be driven by individuals who care about security behaviours, perhaps because they’ve had direct experience of a family member being scammed, or they’ve experienced it themselves. Stories related to security incidents within the home travel quickly, and provide powerful learning informally across the business.
Simulations Create Sympathetic Understanding
A number of the client organisations we work with are starting to adopt ‘simulation training’ as a model for engaged learning. The advantages of this approach include:
- Participants undertake high risk activities in a safe environment – rehearsing for reality.
- Learning from mistakes is integral to the process – so skills improve.
- Simulations provide meaningful contexts for problem solving – consequences become important.
- Learning is hands on, experiential and enjoyable.
- Emotional responses to simulations are natural – participants become fully involved.
Simulations in the Security Sector
When you think of ‘training sessions’ you probably get an image in your head of handouts, PowerPoints, and a trainer standing in front of inert bodies. The simulation sessions we have run over the past couple of years tend to be the exact opposite of this; we don’t get participants to do ‘role play’ or ‘acting’ but we encourage them to work as directors of the action, or as hackers planning an attack. We find that within minutes of kicking off an activity the room has been re-organised, and there’s a mixture of intense conversation, laughter and conversation involving every single member of the training group.
The security professionals we have worked with in this way have talked about the speed at which learning starts to take place informally, followed by a tangible change in behaviours.
To find out more about the simulation activities we run, register for our next webinar: The Hackers’ Perspective: helping employees understand security vulnerabilities
WHEN: Thurs 25th January 2018 at 11.00am-11.30am
SIGN UP HERE