Peer-Driven Insights

Awareness & Training

Active Ambassadors in This Topic

Melinda Lemke

Melinda Lemke

King Spalding

Services (non-Government), 1k - 5k

United States
J

John Tziortzis

Centennial College

Education, 1k - 5k

CA
Bianca Wirth

Bianca Wirth

TBC

Government, 10k+

AU
View All Community Ambassadors

Community Posts

How do you ensure accessibility standards are being met in your digital products/services?

Read More Comments

Have you ever personally conducted workshops/activities for security awareness training with your own board members? What was most effective? What would you do differently today?

Read More Comments

CISOs, which cybersecurity certification do you feel is most important for a security professional on your team to obtain?

Certified in Risk and Information Systems Control (CRISC)10%

Certified Information Security Manager (CISM)50%

Certified Information Systems Security Professional (CISSP)31%

Something else2%

None of these4%

View Results

How can you use peer pressure to enforce secure behavior? Have you ever tried/observed successful examples of this or similar tactics?

Read More Comments

How would you handle individuals who just can't stop clicking repeatedly on phishing emails?  Do you do corrective training and/or implement technical solutions (e.g. defanging) and at what point do you get 'punitive'? At what point would you dismiss the employee for lack of 'cyber competence'? 

Read More Comments

What do you use for your annual employee security training?

A training purchased from a vendor39%

Freely available open-source training material42%

A training created by your company17%

View Results

What’s your personal opinion on phishing tests — should cyber professionals rethink this as a method for security awareness training, or is it a necessary practice?

Read More Comments

If your organization evaluates security practices as part of IT/engineering employees’ performance review, how do you measure that? Can you share any best practices or tips on how to approach this?

Read More Comments

Do your IT helpdesk staff receive more frequent training on social engineering attacks compared to other employees?

Yes72%

No27%

Do you think rewarding or recognizing individuals for secure behavior is an effective strategy? How is this tactic applied at your organization?

Read More Comments

What tips can you offer leaders who are looking to incorporate gamification into security awareness training? Is there a simple way to do this internally or is it typically best to seek out a third party service provider?

Read More Comments

What are the benchmark completion rates for risk management training (e.g., personal info protection, fraud prevention, emergency measures, business continuity)? In cybersecurity, we target 100% and see 98%+ industry-wide. What about these other areas?

How have you approached integrating humor or storytelling into security awareness materials? What do you consider the biggest do’s and don’ts?

Read More Comments

How can you build a brand for the security function that helps to reinforce secure behavior across the business?

Read More Comments

What advice can you offer security leaders currently trying to win executive support to create a secure behavior and culture program? How should they frame the business case for an SBCP?

Read More Comments

Do you have processes for gathering feedback on security awareness training? How can leaders create effective feedback loops to identify and make improvements when needed?

Read More Comments