How simple reviews can increase your Security Education results

We all think of deploying amazing Security CBT to our teams, envision them taking it, loving it and your company becomes more secure for it. Yet in practice, there are a couple steps that are essential to ensure success whether your training is for SDLC, general awareness or PCI compliance.

One overlooked criteria is when students are boxed into inflexible Security Training that misses the mark in achieving their learning objectives required for their daily job. Perhaps the training is over their heads or maybe they just don’t know where to start or why it’s relevant. So I’ve identified some guidance to ensure the longer term success of your Security Training program.

[caption id=”attachment_842" align=”alignnone” width=”407"]

imgsrc: unknown, please let me know.[/caption]

Boxed in with no where to go

I love this comic because it makes me remember that Application Security Training needs to be unique and flexible enough to tailor to an individuals needs. If you’re building a security program and measuring it purely on a test score, remember that some of your students will have trouble learning the concepts. If they don’t pass your metrics, it doesn’t mean they don’t have an interest. It might be that they aren’t able to get the help they need and feel silly or left behind.

As a person responsible for procuring and finding learning it is important to consider these students and their success as it ties in directly with ensuring a successful training program.

How do I help those who struggle?

Although we never expect the goal of a CBT to be setting up your training program and walking away, it does sometimes happen where expectations are that the training can do all the work for us.

However, it is important to identify how your students are doing and discover problem areas at an early stage of engagement. This can often be addressed by setup a periodic review of your training and student success.

If you have 30% of people that either aren’t passing, sample those people to determine what it is that made them stop taking the training and what might help them move past that. Many students will simply say they don’t have time, but people will make time if they are engaged in the training so dig a bit deeper.

Sometimes it is that the program isn’t well advertised so that people are aware it is available. Other times it can be a lack of resources or simply a misunderstanding of the intention of the training and what you are trying to accomplish. Either way, it is important to see what the stumbling block is and remove that barrier of entry. Typically one person having the problem means many others will too. Without a review, it may be hard to understand what the problem is in the first place.

More resources for success

Your student’s training goals don’t end there. Once you have them engaged, try to build the training around corporate goals to help your staff understand why the program is important. You can try engaging them with incentives or prizes as well. Consider providing FAQ type resources to help students who are struggling or even providing additional resources for those who want to learn more on their own.

Keep in mind that every person on your team has an individual need that is unique. Don’t make them feel like the measure of their success is a test. Help them understand that a score is important for compliance reasons and for management reporting but more important is ensuring that what they learn can be used effectively in their everyday jobs.


Not every student will learn at the same pace and a flexible training program can help with engagement. However, you will only know how students are doing if you ensure that you perform a simple periodic review and understand your student’s challenges. With these steps in mind, you can drive more effective training where students won’t feel left out simply because of a stumbling block that could’ve been resolved early on in their training.

Previous Article
Why You Should Work Here
Why You Should Work Here

We’re looking to hire great developers. We know you have your choice of employers, and I’d like to explain ...

Next Article
Your Guide to Evaluating Security CBT Programs (Part 1)
Your Guide to Evaluating Security CBT Programs (Part 1)

Note: At the end of this series, I’ll provide a free tool that you can use to make your own evaluations eas...