2 hours 23 minutes
Hi, My name's Steve Dance. I'm a member of the British Computer Society on Managing partner of Risk Centric, a risk of resilience advisory firm. I think of myself as being a bit of a hybrid in the I T industry. My focus is understanding the potential of technologies
on how to implement change and leverage benefit from them.
This interest let me to research and write my first book in PRA preneurs, which looked at how organizations created a culture that actively encourages and facilitates finding ways to exploit information technologies
to achieve change and gain strategic advantage from them.
This background in what creates and sustains such a culture on my firm's focus on risk of resilience management encouraged us to look at the way end user awareness training is delivered on how it could be enhanced to significantly improve cybersecurity knowledge, retain tension
and embed cybersecurity competence within the organization.
The major challenge in any education program, particularly when our objective is to introduce changes in working practice, is making the change permanent.
It's one thing to run some classroom or a learning courses, but keeping that change and in the case of cyber security awareness, maintaining a consistent level of vigilance
Permanent levels of vigilance and awareness are created by more than periodic attendance. Of course, is
formal education initiatives need to be augmented by continuous development reinforcement on potentially new norms of behavior. This course is about showing you techniques that you can use within your existing security education content,
so that it facilitates a consistent and permanent level of cyber security vigilance
on threat recognition capability throughout your organization.
At the core of this approach to security education is the integration of experiential learning techniques into security awareness program content.
Providing participants with new ways to learn
experiential learning is an educational approach that significantly enhances the learning process by allowing participants to learn by seeing and doing, rather than just passively hearing I'm watching or being subjected to covert simulated fishing exercises
when applied to security education.
Experiential learning encourages uses to gain threat recognition skills by seeing doing on receiving supportive feedback, developing the skills of end uses by coating them to the required level of proficiency.
Experiential learning is a large topic and can't really be covered in its entirety during this course.
For those of you who want to do a deep dive into the topic, I'll be providing some further reading links at the end of this course.
However, the material you will cover on this course will show you all you'll need to know to apply these concepts to the specific area of cyber security awareness on develop a framework for content delivery and knowledge reinforcement throughout your organization.
I've outlined the course objectives above. We're going to start with some basic techniques that create affinity on DME elements with the participants in your security education program. This is fairly straightforward basic stuff that we call building the Bridge of Relevance with your audience.
At this stage will be discussing and showing some techniques that can be used to convince participants
why they should be given attain engine to this content on how it will help or benefit them in the future. Well, then, focus on creating a superior learning experience by creating visual experiences of the manifestation of cyber threats.
Well, then move on to more immersive experiential learning techniques
that will develop the threat recognition skills of your colleagues by using techniques that incorporate interactive coaching and feedback.
Our final two objectives are focused on creating a program of sustaining knowledge at the required level on achieving that all important behavior change.
Of course, that's the course learning objectives. But the real objective for you, the cyber security specialist, is that once you have met these learning of the objectives within your cyber security education content,
you can then apply them to achieve your organization's risk management objectives.
And for me, that's the overall objective of any security education program building an end user threat recognition capability on establishing and keeping this capability at the required level.
So it's not just delivering content to an audience on then to tick a box to say, Yep, we train them. It's more about establishing an ongoing process of skills development within the end. User community said that they can recognize cyber threats when they encounter them on adopt the correct response.
I'm going to run through briefly the required knowledge and skills that you will need to get the best out of this course. First, you'll need to understand the scope and content off end user awareness training.
In other words, the topics and content covered by a typical training calls on this subject because this course is not about content for security education.
It's about introducing experiential learning techniques into existing content on showing you how these techniques can enhance the learning experience on how to create an ongoing process of education that facilitates continuous learning on builds threat recognition capability within your organization.
If you don't have access to relearning authoring tools and systems, you're going to date a good grasp of power Point in particular, you'll need to understand animations, animation sequences and triggers so that you can create the more advanced coaching on feedback capabilities that will be seeing later on
the final. Pre requisite is an open mind because you're going to be seeing some radical departures from the way many education programs are delivered within organizations.
Okay, just a quick run through now off the structure of this course. It consists of a video, the one you're commonly looking at and also some supplementary materials, the video content instructed into modules. In this course, there are two modules, one dealing primarily with content delivery,
the second focusing on reinforcement technique
ex. Each module contains several lessons consisting of one or more topics.
There are also some supplementary materials associated with this course that you may find useful. There was some Web based examples of the coaching and feedback material that will be focusing on in Module two.
These will enable you to test drive the examples shown in the video of that module. There was some links to additional resources on experiential learning. If you want to delve a little deeper into the concept,
there's also a transcript of each video with copies of each slide. If you prefer to read through the material or would like some reference material toe hand when you've completed the course on, of course, feel free to contact me by my side pre instructor profile page
In this introductory module, we have introduced the course learning objectives on dhe. Perhaps more importantly, the objective that you can achieve when you have met the course learning objectives. That overarching objective, as you might remember, is to develop and continuously improve the threat recognition capability of your colleagues.
In the next video, we start our first steps in applying experiential learning by looking at the basics of content delivery, looking at some techniques to making it relevant and memorable for the participants in your security education program,