Training and Testing

00:06

Hello, everyone. And welcome back to CyberRays and user Physical Security. Course

00:11

I'm your instructor. Corey holds er, and this is less in 4.3 training and testing.

00:20

I have three learning objectives for this lesson, and they are as follows. First, we're gonna discuss the importance of training.

00:27

Then we're going to talk about how a company contest a plan.

00:32

And finally, we're gonna discuss a little bit how toe update plans based on experience.

00:41

Now, one of the main reasons we train is the concept of knowing versus understanding.

00:47

Knowing is not understanding. There is a great difference between knowing and understanding.

00:54

You can know a lot about something and not really understand it.

00:58

The goal of training, therefore, is actually to understand something.

01:03

I can look at a series of 10 steps and I can repeat those 10 steps. But if I don't understand why each of those steps is important and why they need to be done in the order they're in,

01:15

I'm not going to really appreciate

01:19

what it is I'm doing. And it's actually ah, higher probability that I'm gonna make a mistake. So it's important is end users to understand why certain processes were in place and understand what they really do and what they mean.

01:34

And we get that knowledge and that understanding

01:38

from training.

01:41

We have policies and plans for particular events, but that's not enough. They can sit on the shelf and gather dust. But then

01:49

when the time comes, if I need to do that action or even knowing that, that is the response I need to do in the event of, let's say, a disaster like we talked about in the last lesson,

02:04

if I don't know that there is a plan in place of how to respond. In the case of a fired A fire within the server room,

02:14

for example,

02:15

I'm not even open that book. I probably just gonna run out of the building because there's a fire. That's but I have now failed to do something that's expected of me. So training

02:25

starts with, We start with reading. We understand. We read what the plan is that we become familiar with it. With training, we develop that understanding like I was I was talking about in the last slide

02:37

and even more important than that, with understanding comes adaptability,

02:42

adaptability, just me basically is is just that you can you can let's they have a plan in place to respond to fires.

02:52

Let's say

02:54

in an event it may not. Maybe it's it's an electrical fire versus a, um,

03:00

a man made started one. Let's say it in a garbage can somewhere,

03:06

you have to fight different fires different ways because the chemicals that need to be used to actually put them out or even the fire suppression systems in a server room are different from, ah, common work area. So that kind of

03:21

I'm just truly understanding the plant means that you can adapt when factors aren't exactly as they were

03:27

in the training.

03:30

As General George Patton once said, You fight like you train, so if you take your training seriously

03:37

when it comes time to actually apply the training, you will take it. Justice seriously, because it's important to you, is important enough to train in it. It's important enough

03:47

to actually do it when the time actually calls for.

03:53

So how best to practice

03:57

or test training?

04:00

Well,

04:00

one of the common methods that I've seen employed a lot and actually works very well is what is known as the crawl walk run

04:09

approach to training

04:12

Cruel.

04:13

I know I have my and my little icons there, which is taking it very simply, Let's be do the very basic. We're not expecting everything to be perfect. Maybe we're even reading from the manual as we do this

04:28

and we just walked through, discussed through what we would do in the event, Let's say, off a fire in the building. Let's let's use that is the example

04:38

the crawl phase might be to have

04:41

everyone within a department there. And

04:45

if it's Joe's responsibility, Teoh grab the thing to do to fire marshal responsibilities. He's going to be the one who says I get up. I remind everyone Teoh, grab their I DS.

05:00

Leave their personal belongings and exit the exit the department area I make. I then make sure that all of the work spaces air cleared. I leave the door and I pulled the court door closed behind me.

05:14

Maybe Jim, another employees in the department says I grabbed ASAT the department sign, and it's just because this is

05:23

in a few places I've worked that will actually have a sign so that where you have a rally point

05:28

a place where you will meet up afterwards where they could get accountability. Maybe that's Jim's responsibility, says I. Hold up this. I carry the sign out with me and I hold it up as I walked to the rally points of people know where they have to be.

05:40

And then Lucy says, I take accountability of everybody. It's not actually doing these things, but it's talking through what would be done and what the proper procedure is.

05:51

Then

05:54

we go to the walk face. This is where

05:57

maybe the department has a fire, fire, fire, someone yells. And then they go through the process of exiting the the room, closing the door, doing well their responsibilities and then rallying up and getting accountability. Ever everyone.

06:13

And then the less would be the run face the run phase of training that's actually like, Okay,

06:18

Security manager is gonna pull the fire alarm and we're gonna act like there's really fire and we're gonna exit the building.

06:25

And I've seen some, some again to create that adaptability.

06:30

Sometimes a company will say these fire this this stairwell is blocked and they so that people have to now figure out how to reroute themselves through another stairwell to get out of the building and get proper accountability. And this isn't t confuse anybody. It's not to trip anybody up, but again, it's to develop that understanding and that appreciation

06:48

for what the plan is,

06:50

so that

06:53

please, I hope it never happens. But if it does happen, people will be able to adapt to the situations of, Ah, Fire and one stairwell. So instead of going down stairwell A, they'll go down stairwell B and they could get out of the building safe and sound without any loss of life.

07:10

Now, another thing that we do when it comes to training, it's It's only so good that we do the training.

07:15

We actually have to

07:17

test people on it. Now. I'm not talking about a written test like like a little, uh, like the illustration I haven't and on the right hand side, but ultimately,

07:29

what the policy is, how to actually execute it. We actually grade the people on it, and this could be key personnel watching over one shoulder as they walk through what they would do in the event.

07:43

Maybe not a fire, but let's say, um,

07:46

there's a power loss in the building, and we have their steps to be taken to restore power and get the server room up and running as an example.

07:56

Well, the I T department would have set procedures and everyone has their role and they would have gone through the wall, curl up, crawl, walk run phases of it. Now they're gonna actually apply it, and you have someone there who's evaluating them. Well, Jim Jim forgot to call down Teoh Coal Con

08:16

to call the

08:16

Cities Electrical Company to make sure the backup circuits were turned on. Or Sally forgot to forgot that she needed to turn on the generator

08:30

that's located in the building that provides power to the server room. Whatever it is, you could do any example. But it's not, too.

08:39

It's not, too to penalize anybody, but it's to have people understand how well they're performing the tasks. It also tells your leadership

08:48

how well you've done things, so when they can have count confidence that that the right things will be done when needed. But also

08:56

maybe it's that they have to re emphasize training. If if let's, let's say,

09:01

uh, the expectation of the goal is to get everyone out of a building in a fire in under five minutes. But it takes everybody constantly 10 or 12 minutes when they're being tested. Well, then we need to run more fire drills. We need to make sure every department knows what their planets. We need to make sure we clearly designate,

09:20

um, if people are going to the wrong rally points around the building,

09:24

well, then

09:26

we may. We need to walk. Maybe we need to have, ah, one hour class the teacher, the departments to reiterate and reinforce Why that training is important.

09:37

One thing to the businesses conduce Oh, and this is this is, um

09:41

I've actually gotten the chance to help out at the state level with this, um

09:48

is actually using third party individuals,

09:50

people who have pretty much no steak or ownership and what goes on but who can honestly and objectively evaluate and assess as well as have the expertise to test the individuals involved in this. And,

10:05

uh, when it

10:07

at one time, I was I When I was a student, I was helping out

10:15

the state of Indiana. When I was at Purdue, they were doing a an exercise with a lot of the individual

10:24

utility companies around the state who will be providing power in the case of some kind of disaster. Oh, have to restore power, I should say. And, um,

10:35

I was there taking notes as they were talking through and doing their tabletop exercise, explaining the kinds of challenges they see and how they best respond. And I was just observing them and I was recording, and I would make annotation saying this. This plan doesn't work. Every company might want to institute the plans that

10:54

ABC Electrical suggested that they do with their with their customers because it will mean

10:58

faster,

11:01

faster restoration of power,

11:03

etcetera. And that's that's the advantage that 1/3 party can bring to this because they really have no stake in the game other than evaluating

11:13

what the training that's going on. And the other thing, too, is they can bring a very different perspective to it.

11:22

Sometimes through analogy, through experience, they might cease. See something that none of the people who do these things regularly will see because they've got that they've got tunnel vision or they're so focused on. This is the way we've always done it. This is the way we're going to do it.

11:37

And that third party and my pain would be could make a suggestion, saying, instead of doing it,

11:43

ABC is your steps do steps 123 1st and that will ensure

11:50

that that would improve efficiency of of the training or how you restore the power when the

12:00

when you lose it, for example,

12:03

and a very important part of training is, it gives us the opportunity to look at the plan,

12:11

hopefully, objectively

12:13

and see where where things have changed about Flynn. Maybe it's maybe there were flaws in the process. May be, You know, when we talked through it, it sounded like a good idea. Sounded like would work really well. But we forgot

12:28

certain, um,

12:30

circumstances. Certain contingencies weren't accounted for,

12:33

uh, new unknown variables. Maybe there's changing technology.

12:39

It used to be here as an example. There always used to be the

12:46

certain kinds of fire suppression systems used in buildings. Well, when companies start to realize that water suppression systems weren't effective enough, they included chemicals in them. Then there was a consideration off. Well, if we use chemicals and water That's bad for computers.

13:03

What different fire suppression systems can we use

13:07

so that we don't

13:09

guarantee the loss of all of our equipment?

13:11

And those things changed over time because,

13:15

you know, one point they didn't have the computers. Now, you know, Then they had to start account for these new new assets within the company.

13:22

And then it's also the chance to identify where you have missing or failing equipment to do that should be there to produce a certain result.

13:35

So let's do a check on learning

13:39

we trained. Uh,

13:41

excuse me.

13:43

I will read the question. The answer is I will give you some time to think about it. Then I will explain whether right answers right in the wrong answers were wrong.

13:50

We trained how to respond an adverse event for all of following, except

13:54

to gain an understanding of what is expected of us

13:58

as a way to impress the boss

14:01

to improve our response time

14:03

or to ensure minimal disruption resulting from the event

14:22

on the

14:24

the right answer is

14:28

okay,

14:30

So obviously this is not about impressing the boss. It is about showing the boss that

14:35

people are properly training ready to respond in the case in address event. But it's certainly not to impress him. It's about understood. It is about understanding what is expected of us and understanding what the process is. It's about improving our response time so that quicker, quicker reactions save lives

14:56

and

14:56

reduce the amount of harm than event may cause.

15:01

And it also ensures that a minimal disruption will take place before we're back up performing it, even if it's at a reduced state still performing the business to some level until we can fully get back to 100% operability.

15:18

So in this lesson we covered three areas. First, we talked about the importance of training.

15:24

I showed you how company contest its plan

15:28

and also how to update the plan based on experience.