If you are responsible for or are involved in a security awareness program, you may be required at some point to do awareness presentations to employees. Specifically to communicate in person a variety of awareness topics to staff, contractors and end users of your organization. I just spent a week doing this for one organization, traveling all over a country and leading workshops for their different offices. Events like these are always a great experience and I wanted to share some lessons learned.
- Quizzes: A great way to create an interactive presentation that keeps peoples' attention is to have quizzes. Ask the audience questions and if they get the answer correct hand out a prize, such as a corporate pen with your organization's logo. One thing we tried differently is instead of having all the quiz questions at the end of the presentation, we had a question after every 5-10 minutes. This really helped break the presentation up and keep peoples' attention.
- Videos: Within the presentation we had several videos. The videos helped demonstrate or go into more detail on awareness topics. For example, at one point we explain to the audience what rogue anti-virus is and what to look for. We then showed a demo of a victim walking through an actual rogue anti-virus attack. Not only did the additional information help, but once again this helped break the presentation up. Jumping from one medium (human presenter) to another medium (videos) kept the audience engaged and the training more fun. This is something I plan on trying more of.
- Attendance: A challenge with onsite presentations is attendance, getting everyone to attend. No matter how much you market your awareness events, not everyone will be able to attend. One idea is to hold multiple sessions throughout the day, this way employees can attend whichever event best fits their schedule. However, even with a flexible schedule you will have people missing. One idea is to record your presentation, or record a separate voiceover of the material. This way you can put the recorded media on your internal website for everyone to download.