Behind the vast library of training content produced at SANS Security Awareness, there is a dynamic team of designers, curriculum-builders, and adult-learning specialists who work to make that content readily digestible to every learning level. They creatively work to improve learner engagement and memory retention. We refer to this team as Learning Experience Designers because they employ the use of advanced learning techniques to help enhance the comprehension and application of the materials for any learning level or organization’s maturity level.

Their team recently released an exciting refresh to the cyber security awareness training for employees collection called the 2019 SANS EndUser Training Series, which is set to be publically released on January 17, 2019.

That team is backed by Jon Portzline, the Director of Content. Drawing on his extensive experience in technology, education, and training, he uses instructional design principles along with adult learning and behavior change theory to develop holistic security awareness programs that help protect each member of an organization from cyber attacks.

In this Q&A with Portzline, he draws on his expertise and insight to discuss his mission with SANS and touches on learning methods used in the latest EndUser Training content release.

Q1. You bring nearly 15 years of experience combining technology, education, and training. What brought you to SANS and what do you find to be the most rewarding aspect about your role as Director of Training Content?

"I was drawn to SANS because, personally, I have a passion for creating the kind of training content that has a positive impact on a person’s ability to do things better, both in a personal and professional setting. It seems to align with the SANS mission to provide intensive training to help an organization administer training that is designed to help encourage everyone to master the steps needed to defend systems and networks.

I find that this alignment with the SANS mission is honestly the most rewarding part of my role.  Knowing that the content that we create as a team helps people be more secure in their work lives and their personal lives is what keeps me coming to work every day."

Q2. Creating content that is both engaging and effective for our consumers is the one of the largest goals of the training we provide at SANS, but that task is obviously easier said than done. What do you think is the most important element of your content development process that helps achieve that perfect combination?

"Yes, it can be difficult. But at the absolute core of producing training that is both engaging and effective, I believe, is making sure the training can personally connect with the learner.

Training doesn’t have to be intimidating. It shouldn’t be. At SANS, we work to make sure people understand that adopting more secure behaviors doesn’t require a degree in rocket science. All they need to have is a healthy skepticism and be on the look out for things that seem out of place and I think our content works to achieve this."

Q3. Explain the importance of learning objectives in security awareness training. How do you think it contributes to an awareness program’s overall success?

"Learning objectives are simply a statement that outlines what you hope the learner achieves, learns, or masters as a result of their training. They should be observable and measurable in order to understand if a learner is demonstrating specific knowledge of what was taught. I think they’re at the foundation of making sure you are training people on what you intended to teach them and if it is working as you’d envisioned.

If a learning objective isn’t properly formulated, I think it would be incredibly difficult to measure if you or the learner actually achieve what they set out to do.  Simply put, we want to connect behavior change with the training that we create and by measuring their success, we can have a clearer outlook on it."

Q4. How does developing training content for this industry differ from training adult learners in other realms? Are there specific behaviors your team needs to be aware of while developing and designing content?

"Developing an effective training curriculum for the Security Awareness industry can be a different beast sometimes, yes.

You really want to dedicate your energy focusing on those behaviors or the actions that work negate cyber threats from all angles. Cyber threats can be scary and confusing to both the individual and the organization, so the training needs to work to reassure the learner that prevention can be easy and manageable. Each person is invaluable to an organization toward making sure they’re the biggest armor against a cyber attack."

Q5. SANS is introducing a lot of exciting new content updates to the security awareness EndUser training this month. Which component are you most excited about with this launch? How do you think it will help organizations improve their program maturity? 

"Yes, I’m extremely excited about the new EndUser Training Series and Styles for 2019. We all are. The variety of content we’re offering works to keep the learners interested in the material and helps them to apply what they learned once the training is complete. 

Each organization is different. Therefore the learners and the subsequent threats are different. The cyber security challenges each organization faces and the kind of culture that exists has a lot of bearing on what they should be focusing on. Having different available training styles gives organizations a chance select and rely on a training that is best suited for their specific challenges and culture."

Q6. How do supplemental training materials aid in a security awareness program’s mission to engage learners?

"Our supplemental training is a great addition to our training. It consists of library of content, all updated on a monthly basis. It ensures that training is timely and addresses the latest threats out there. It also includes a variety of audiocasts, microvideos, posters, screensavers, factsheets, mini games, and newsletters.

By offering supplemental training like this to our training series, it really serves two main purposes. The first is to drive engagement, while the second is to drive learner retention. By utilizing supplemental content in conjunction to the overall training program, security awareness professionals can provide small engaging pieces of content in quick bursts that helps to reiterate to learners the proper security awareness behaviors.  Making things small that remind your learners about what has already been taught, helps to build retention without disrupting the flow of a learner’s normal workday."

Q7. Describe how your knowledge with the Ebbinghaus Forgetting Curve drives how your team develops content.

​​​​​​​"Hermann Ebbinghaus was such a memory whiz. [laughs] He pioneered the Ebbinghaus

forgetting curve

Forgetting Curve, which if you are unfamiliar with what that is, it illustrates how over time, people forget what they learn unless the training material is reviewed or it is re-exposed soon after the training.  You can see that happen often in the cyber security training realm.

Interestingly, studies have also confirmed that the mere fact of rethinking about a single piece of training helps you retain all of the training learned. This is another reason why the support supplemental training material we offer provides such an invaluable benefit to organizations. If learners aren’t able to remember what they learned, they won’t be able to behave in the ways the training has taught them."

To check out the latest on the 2019 EndUser Training Series, or to even schedule a demo of the work Jon Portzline’s team has created, visit the EndUser Training page.​​​​​​​

No other organization boasts the depth of expertise as SANS. Our experts know every type of cyber attack and threat. Inside and out. With SANS, your training will focus on the key behaviors that most effectively manage your human risk. Learn more about Jon Portzline and get to know all of our experts here.