How simple reviews can increase your Security Education results

May 10, 2013

We all think of deploying amazing Security CBT to our teams, envision them taking it, loving it and your company becomes more secure for it. Yet in practice, there are a couple steps that are essential to ensure success whether your training is for SDLC, general awareness or PCI compliance.

One overlooked criteria is when students are boxed into inflexible Security Training that misses the mark in achieving their learning objectives required for their daily job. Perhaps the training is over their heads or maybe they just don’t know where to start or why it’s relevant. So I’ve identified some guidance to ensure the longer term success of your Security Training program.

[caption id=”attachment_842" align=”alignnone” width=”407"]

imgsrc: unknown, please let me know.[/caption]

Boxed in with no where to go

I love this comic because it makes me remember that Application Security Training needs to be unique and flexible enough to tailor to an individuals needs. If you’re building a security program and measuring it purely on a test score, remember that some of your students will have trouble learning the concepts. If they don’t pass your metrics, it doesn’t mean they don’t have an interest. It might be that they aren’t able to get the help they need and feel silly or left behind.

As a person responsible for procuring and finding learning it is important to consider these students and their success as it ties in directly with ensuring a successful training program.

How do I help those who struggle?

Although we never expect the goal of a CBT to be setting up your training program and walking away, it does sometimes happen where expectations are that the training can do all the work for us.

However, it is important to identify how your students are doing and discover problem areas at an early stage of engagement. This can often be addressed by setup a periodic review of your training and student success.

If you have 30% of people that either aren’t passing, sample those people to determine what it is that made them stop taking the training and what might help them move past that. Many students will simply say they don’t have time, but people will make time if they are engaged in the training so dig a bit deeper.

Sometimes it is that the program isn’t well advertised so that people are aware it is available. Other times it can be a lack of resources or simply a misunderstanding of the intention of the training and what you are trying to accomplish. Either way, it is important to see what the stumbling block is and remove that barrier of entry. Typically one person having the problem means many others will too. Without a review, it may be hard to understand what the problem is in the first place.

More resources for success

Your student’s training goals don’t end there. Once you have them engaged, try to build the training around corporate goals to help your staff understand why the program is important. You can try engaging them with incentives or prizes as well. Consider providing FAQ type resources to help students who are struggling or even providing additional resources for those who want to learn more on their own.

Keep in mind that every person on your team has an individual need that is unique. Don’t make them feel like the measure of their success is a test. Help them understand that a score is important for compliance reasons and for management reporting but more important is ensuring that what they learn can be used effectively in their everyday jobs.


Not every student will learn at the same pace and a flexible training program can help with engagement. However, you will only know how students are doing if you ensure that you perform a simple periodic review and understand your student’s challenges. With these steps in mind, you can drive more effective training where students won’t feel left out simply because of a stumbling block that could’ve been resolved early on in their training.

Previous Article
6 Hot Cloud Apps to Boost Your IT Department’s Efficiency and Productivity
6 Hot Cloud Apps to Boost Your IT Department’s Efficiency and Productivity

This is a guest blog post by Christian Pedersen, CTO and co-founder of SD Elements partner OneLogin. One of...

Next Article
Debunking myths: Security Awareness is Useless
Debunking myths: Security Awareness is Useless

Last month, a story ran on Dark Reading around why security awareness is useless. I cringe reading such sto...

Find out how our solution builds security and compliance into software.

Free Demo