The Trifecta of Building a Cyber Security Awareness Program

Share and earn Cybytes
Facebook Twitter LinkedIn Email

The Trifecta of Building a Cyber Security Awareness Program

When it comes to explaining the technical parts of cyber security, these discussions come pretty naturally to most of us. It is the soft skills that we’re seeing that need change and these are often missed entirely. SANS’s 2016 Security Awareness Report states that “over 80% of security awareness professionals have a background in either information security or information technology with less than 15% having any experience in soft skills such as training, selling, or relaying executive messaging.” While the technical part of awareness comes naturally, the softer side of behavior change does not. This is one of the primary reasons there is a constant battle in building comprehensive outreach programs.

Let’s described the primary point of a good cyber security awareness program — what you should focus on and what makes this program effective or successful. After analyzing well-known statistics of awareness program outcomes and working with hundreds of different security awareness leaders in our careers, it’s clear that we need to place a greater emphasis on how to changing our behaviors. These include how to run a security awareness program and how to make infrastructure and best practice wisdom sink in.


The soft skills required to change behavior and deliver key messages are critical to the success of an bottom down program, starting with gaining executive-level support all the way to low level team members doing the heavy lifting. To help our industry address this, we put together three components to help make your security awareness program successful.


  • Dialogue amongst team members


Ultimately, awareness is about an active and healthy dialogue. First, we need to engage our team and explain why they should care about the organization’s cybersecurity posture. With this, we need to communicate that we need from them “in layman’s terms” but also listen to their responses and feedback. Numerous awareness professionals have been overtaking with the curse of knowledge but lack of execution — this happens when experts know something so well that they’re terrible at communicating to others that do not.


What to do: Fight the “curse of knowledge” at every turn and set aside a percentage of time to improve your communication strategy. Effective communication is not what you say or how well you understand it, but how well the other party hears, understands and remembers the message.



  • Working together


Cyber Security awareness touches everyone in the organization, so what you say to different stakeholders along with what you say is key to gaining their support and buy-in. More importantly, establishing a sound program requires a vast number of different skillsets that demands the coordination of different departments. For that reason, you’ll need the ability to identify various individuals and departments throughout your organization that our good targets to build healthy bridges and connections with. The more people you lobby for, the greater your chance for success in the roll out of your program.

What to do: Create an advisory board made up of people or stakeholders from various departments who can help you build, maintain, and measure your awareness program from it’s inception. Explore launching an ambassador program (volunteers to who help promote cybersecurity) or recognition awards for those that are most engaged.



  • Lifestyle aka Approach


Lifestyle is going beyond just behavior and includes the perceptions, attitudes, and beliefs people have towards cybersecurity. Lifestyle and the process of incorporating emotion and empathy can sometimes be a challenge for technical people or engineers to master. Your lifestyle or approach plays a crucial role in how you dialogue and work as a team within your organization. Studies say it takes 66 days to change bad habits and without teamwork and support, it’s a daunting task.

Outgoing lifestyles or personalities such as those found in high technology companies often prefer humorous content they can watch and consume on or at their convenience, while traditional lifestyles such as insurance, finance, and government often prefer more subdued or “professional” content. When drafting your material, make sure you understand the people that will read and digest your content.

What to do: Study your lifestyle or approach to understand the organizational values and beliefs that will inform teams of your cyber security awareness program planning. Talk to people in your HR department; they often have the best understanding of your organization’s culture and how to connect to individuals, departments and other organizational politics.

Ultimately, your organization needs to leverage both technical and soft, human-centered skills to create a mature cyber security awareness program.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About CyberSponse, Inc.
CyberSponse Incorporated, a global leader in cyber security automation & orchestration, helps accelerate an organization’s processes, security operations teams and incident responders. The CyberSponse platform enables organizations to seamlessly integrate, automate and playbook their security tool stack, enabling better, faster and more effective security operations. With a global presence, offering an enterprise platform, Cybersponse enables organizations to secure their security operations teams and environments.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?