In the world of security awareness training, we like to think of ourselves as providing training for each employee in the building. There was a time when training non-cyber staff on cyber threats was a novel idea. But, as it became apparent that end users were increasingly becoming one of, if not the single largest, attack vector for cyber threat actors, the field of Security Awareness entered the mainstream.
In the early days, this was driven by lecture-based presentations focused on identifying and avoiding common threats. But, as the threats became more complex and varied, so too did the range of topics and delivery methods deployed in standard awareness programs. Today, training is more engaging and interactive, utilizing various formats such as videos, simulation, and gamification.
What is Short-Form Computer-Based Training?
The concept of short-form computer-based training has dominated the Security Awareness Training space, and for good reason. These modules offer a convenient and engaging way to provide employees with the essential security training they need in a format that allows them to complete training in small increments, making it easier to assign within the flow of work with minimal disruption.
Furthermore, the advanced reporting available in modern learning management systems helps to measure the effectiveness of the training program, identify areas for improvement, and report the program’s effectiveness to executive teams.
The Case for Individualized Training Content
Until recently, the concept of "training for all" has often been focused on non-technical end users and has overlooked the critical role played by technical staff in securing an organization's digital infrastructure. But according to successive editions of the Verizon DBIR, technical misconfigurations continue to be a significant contributor to security breaches.
Technical employees are critical to the smooth operation of an organization's digital infrastructure in a variety of ways. Network and system administrators are responsible for ensuring that the hardware and software components of an IT infrastructure are functioning correctly and efficiently.
Development teams play a critical role in creating and maintaining the software and applications that support operations. Various engineering teams may be responsible for their facility’s control and access systems. In most cases, the primary focus of each of these roles is performance and uptime, rather than secure operation and threat mitigation.
While security is very likely an essential aspect of the job, it can sometimes take a back seat to the other pressing issues employees in these roles face on a daily basis. This presents an opportunity to take a page from the security awareness playbook to offer a convenient and effective way to keep security top of mind for technical teams.
The Benefits of Tailored Training in a Digestible Format
Delivering technical training in a similar format as end user awareness training has the potential to reap tangible benefits. The short, modular format makes them easy to fit into the busy schedules of technical employees; allowing them to continue with their daily job duties while still receiving critical training. The role-specific nature of the training can also help increase engagement and retention, ensuring that technical employees are learning and retaining the critical information unique to their roles.
Furthermore, by providing training in a standardized format, all team members can receive the same level of education, helping to ensure that everyone is working from a common understanding of best practices. By providing consistent training on these practices and procedures, employees will be more likely to comply with them, reducing the risk of non-compliance and potential security breaches.
SANS has long recognized that delivering training for all requires curricula that covers not only a wide range of scenarios, but also a growing range of job roles and responsibilities. It’s a big part of what drove us to build the largest library of information security training and certification in the world.
That library extends to our awareness solutions, where SANS continues to explore new methods of targeted training with its role-based technical skills collection that includes short-format technical modules for Development teams, Network and System Administrators, and ICS Engineers, among others.
Short-format computer-based training has proven to be a powerful tool for providing targeted and consistent awareness training to employees across a range of skill levels and backgrounds. Applying the same methods towards technical employees is the logical next step in helping to improve the security and efficiency of modern organizations. Making “training for most” a thing of the past and delivering on the promise of "training for all."
Learn more how your awareness program can reach more people with Short-Format Technical Training.