The dedication to your task is commendable 👏. This is becoming rare day by day.
Comment on Study concludes cybersecurity training doesn’t work
shalafi@lemmy.world 1 day ago
Perhaps because corporate security training is boring as hell?
I worked up a training class over the course of a year. Ridiculous to take so long, but I wanted to nail it. I figured there were three key things.
- The things I talked about had to be relevant to the employees. I pared the stories down to items they could actually encounter. This is how an attack can affect you, how it can affect us.
- Anything I wanted to talk about had to come with actionable prevention techniques. Here’s the problem, here’s what you can do about it. They had to feel empowered, not helpless.
- The class had to be entertaining and interesting, start to finish, no fumble fucking around. I rehearsed that entire year until I could do it in my sleep. Plenty of humor threaded throughout the talk.
 
Nervous as hell when the day finally came. I have no problem speaking to a group, love it in fact. But talking cybersecurity to non-technical people is about as boring as it gets. Business owners bought everyone lunch and we met in the conference room.
Timed it to run for 40 minutes, left space at the end for questions. Talk about a resounding success! Everyone in the room was engaged and had questions, some even staying beyond the allotted hour. Fuck me, I actually got applause! (Yes, and everyone clapped. Really.)
Phishing tests went from 25% failure to 4% failure overnight. I left a USB drive on the floor by the printer. No one touched it for three days, and then only to place it on the table.
driftWood@infosec.pub 9 hours ago
Jumi@lemmy.world 1 day ago
A good teacher builds their lessons around their pupils.
shalafi@lemmy.world 9 hours ago
This was before I watched Paul Harrell (RIP) on YouTube. Gun content, take that as you will. But the man was a masterclass in how to present information.
Tell 'em what you’re going to tell 'em. Tell 'em. Tell 'em what you just told them.
Never once talked down to anyone, except for “so called experts”. Never assumed the audience knew specific things. Always showed examples and tests, with controls. Always spelled out any inexact differences in testing, no matter how small. Sprinkled in some dry humor, often unexpectedly. Anyone who teaches could learn from the man.
Jayb151@lemmy.world 9 hours ago
Hell ya. I’m glad you feel really proud about that. I’ve led so many garbage trainings, it makes the great ones really stand out!
shalafi@lemmy.world 9 hours ago
Thank you! I AM proud! It’s one of the finest things I’ve accomplished in the corporate world, and actually useful.