Communication is Vital
When an organization launches an exciting new program, such as a security training program, they often think about all the elements required to construct and test the initiative. This includes staffing the projects, obtaining the right funding, procuring the right technologies, and so on. What is often forgotten, however, is ensuring that the key stakeholders of the program are regularly kept informed. You have to communicate to the right stakeholders at the right time and in a manner that is appropriate. This becomes increasingly important as the program nears its launch. This article will describe how you can communicate during the last stages of your security program launch.
The focus of this article is not to run a comparison across different security training programs. There are many fine security training programs available. Rather, I want to help you understand what type of communication is essential. Having said that, I will express examples from our experience at Security Compass. We welcome you to explore the training courses we have available.
Prioritize Awareness of the Launch
As you near the launch date, creating awareness for your new security training program is very important for building anticipation and interest. Consider the methods of communication your organization uses most, and where your audience will receive the messaging. You may opt to deploy messaging across several platforms to ensure the message reaches the audience well ahead of the launch date. This could include your local intranet, company newsletter, mass email notifications, company-wide meetings, internal messaging platforms such as Slack and Google Hangouts, and potentially through your security champions program.
Let the Countdown Begin!
As you near the launch date, your communication should change. You want to shift from building initial momentum to active participation in the program. Here is a breakdown of the communication based on a six-week runway.
1. Six (6) weeks prior to launch
Create and build a buzz of excitement around the training program with management and leads. Meet with team leads to discuss specific needs of their team’s training requirements, and promote awareness around upcoming plans for the program launch. Address any concerns or questions, and prepare to include extended information in the announcement around feedback from leads. Set a firm timeline of communication, who will receive notification, where it will be sent, what will be included, and when it is expected.
Here is an example:
Security training should no doubt be a critical investment for organizations, especially in the current landscape with threats becoming more sophisticated. As we grapple with this complex environment, it is vital for employees across our organization to understand security best practices to help ensure our organization’s products and services – and those that use them – are kept safe.We pride ourselves on doing just that. As part of our dedication to continually developing a stronger security culture, we will be launching a refreshed version of our security training program. This program is designed to give our more technical staff – including engineers, product managers, program managers, and other interested team members – deeper security knowledge through more advanced training. We have partnered with Security Compass to help ensure that our training program is not just focused on our specific security best practices but aligns with broader industry standards as part of our commitment to help keep our customers and community safe through our products and services. The training is very modular with each topic broken into quick 10-minute blocks so you can access the cloud-based learning management system (LMS) and work toward course completion to fit your work schedule.
2. Two (2) to five (5) weeks prior to launch
Attend and present at company or team meetings, explain course and module content, how it will be accessed, and enrolment timelines. Include key pieces of information, such as why this is important for the team members and the company, and how this will help save time and effort in the long run. Have team leads and management available for employees to answer questions, address the benefits of the initiative, and help create excitement.
Here is an example:
We are pleased to announce that we will be partnering with Security Compass to deliver software security eLearning! You will receive an email with your username, link to the login page and temporary password by [include a date]. You will be required to change your password upon initial login.Once you have logged in to the Security Compass learning management system (LMS), the courses you require will be pre-loaded on your dashboard.The training is modular with each topic broken into quick 10-minute blocks to allow you to access the cloud-based LMS platform and work toward course completion to fit your work schedule. As part of our training initiative we would like everyone to complete their courses by [include a date].
3. One (1) week prior to launch
Hit send on that mass email communication to anyone who will be enrolled in a training course. Include specific information previously addressed by team leads and management, and presented in the previous team or company meetings. The information in this email should not be new information, but rather the final reminder of what is to come. If you are planning an incentive program, now is the time to remind everyone of what is to come.
Here is an example:
We are pleased to announce that we have partnered with Security Compass to deliver your software security eLearning!You will receive an email with your username, link to the login page, and temporary password by [include a date]. Once you have logged in to the learning management system (LMS),the courses you require will be pre-loaded on your dashboard.The training is modular with each topic broken into quick 10-minute modules so you can access the cloud-based LMS platform and work toward course completion to fit your work schedule. As part of our training initiative, ideally we would like everyone to complete their courses by [include a date].
4. Day of launch
This is the exciting part! Learners will receive their logins if applicable, or be able to access course content through your own training portals. Another mass email can be sent announcing the launch, or shared on company wide messaging applications.
Here is an example:
“We are pleased to announce we have partnered with Security Compass to deliver your software security eLearning!Once you have logged in to the Security Compass learning management system (LMS) through your single sign-on (SSO) dashboard, the courses you require will be pre-loaded on your dashboard.The training is modular with each topic broken into quick 10-minute blocks so you can access the cloud-based LMS platform and work toward course completion to fit your work schedule. As part of our training initiative we would like everyone to completeg their courses by [include a date].”
Upon completion you are prepared to take and pass the (ISC)² Secure Software Practitioner (SSP) Certification. Security Compass is exclusively partnered with the (ISC)² Successful completion of the SSP exam will earn you a certificate and a digital badge you can use to share your achievement with the world!
You are probably already running reports on completion, progress, scoring, and more. Now you can share this information with learners. Consider calling out the person with the most completed courses, the person who has completed the course first/fastest, or the person who has scored the highest. You have worked hard to implement a security training program and build momentum. Now is the time to keep the momentum high.
The ideas expressed in this article are based on our experience at Security Compass. It is vital that you communicate appropriately as you near the final launch date. You want to drive both engagement and participation. Be prepared to ramp up your support team in anticipation of additional questions. Use a feedback loop to continually improve your program.
Ultimately, you want to align your security program metrics to higher-level business Key Performance Indicators (KPI). While this is outside the scope of this article, I invite you to consult the Security Compass team to discuss any additional communication strategies or get access to supplementary Security Compass material to help make sure your launch is communicated in the best way possible. Empower your software, development, and DevOps teams with the best on-demand training today.