Why most cyber security training doesn’t work
Use learning science principles -- If you are a hacker, are you automatically an effective teacher? If you know the technology and all of its weaknesses, then it seems reasonable that you should be able to teach the same information to employees, right? Possibly, but not likely. If you ask a bunch of hackers whether training is working, what answer do you expect to get? Everyone has strengths and weaknesses, but generally hackers don’t make good educators and technologists are better off making technology decisions.
If companies want to see results with cyber security training, a shift in mindset is required. The science of learning dates back to the early 1950s, and its techniques have been proven over time and adopted as accepted learning principles. Applied to information security training, these techniques can provide immediate, tangible, long-term results in educating employees and improving your company's overall security posture. Let’s conduct training based on how people actually learn versus treating training as a check-box activity, and we’ll see just how valuable an investment in security training can be.
In the words of Einstein, “Insanity is doing the same thing over and over again and expecting different results.” Thankfully, when it comes to cyber security training it’s possible to stay sane by embracing the advances in security training which are available today.
Joe Ferrara is the president and CEO of Wombat Security Technologies, a security awareness training and assessment company. He can be reached at:
|Event Details||Dates of Event|
|SANS Counter Hack 2013||Nov 7 - 14|
|SANS Pen Test Hackfest 2013||Nov 7 - 14|
|SANS Korea 2013||Nov 11 - 16|
|Military Exports & Compliance Asia||Nov 12 - 14|
|NCT: Counter IED Asia, 12 - 15 November 2013, Bangkok||Nov 12 - 15|
|School Safety Symposium||Nov 13 - 13|
|Southwest Microwave Perimeter Defense Seminar||Nov 13 - 13|
|OWASP AppSec USA 2013||Nov 18 - 21|
|GovSec West Conference & Expo 2013||Nov 19 - 20|
|Southwest Microwave Perimeter Defense Seminar||Nov 19 - 19|
|Oracle 7th Annual Federal Forum||Nov 20 - 20|
|World BORDERPOL Congress||Dec 3 - 4|
|Critical Infrastructure Protection and Resilience Europe||Feb 12 - 13|