Is security training for employees effective?

Security & GRCTraining & Certification
1.3k viewscircle icon6 Comments
Sort by:
Director of IT in Software4 years ago

This has been very effective for our organization, we do it for every new employee and annually for everyone.

Lightbulb on1
CTO in Education4 years ago

Depends very much on the training, the employee, and senior management buy in

Lightbulb on2
Senior Director, Defense Programs in Software4 years ago

Yes, but as with any good digital adoption training it needs to relevant, responsive, and personalized to the employees.

Lightbulb on2
Head of Enterprise & Solution Architecture4 years ago

An important part of security training is the practical test. The only company I worked with that did that was Salesforce. The red team would send fake emails to all the employees to see who would open them. And it was not to blame anyone; it was a part of the education and a great exercise. I’ll be honest, I fell for them at least once if not a couple times, which is a little scary because I think I'm pretty safe and I couldn't figure out whether it was a fake email or not.

There also are great tools—like Splunk, for example—that provide great monitoring over infrastructure. But then it becomes an issue of cost. Not many SMBs and startups can afford solutions like Splunk.

Founder and CIO4 years ago

Some of the tools that are out there—such as those for phishing—are probably pretty effective. Some of them occasionally send faux phishing messages to people to see how they react and then coach them according to how they respond. 

We used to have to do compliance training where I worked because it was a medical device company. It was like a chore, but in the end you felt a bit empowered to have done it. You felt like you knew a bit more about some of the business’s risk; the same thing happens through cybersecurity training.

Content you might like

In terms of ZeroTrust and organizations building out their environments in such a way that makes sense and minimizes risks. As a medium to large enterprise, are you satisfied with your progress to date? To riff a bit more on this topic , NIST 800-207 is a good read, it covers both greenfield and continuous improvement ZeroTrust scenarios. Similar to data compliance, I think most of us never experience greenfield.

Yes59%

No24%

Unsure10%

Too early to tell6%

View Results

Our organization is subject to data retention requirements over very long periods (50 years or more). Do your organizations face similar constraints? If so, what long-term retention strategy have you implemented for these regulated data, and what technologies or solutions do you use to ensure their durability and compliance?

Read More Comments

Are you considering a move to the Gartner SASE model?

Yes, going with a best of breed model - multi-vendor27%

Yes, going with a single vendor SASE model44%

Learning/Planning Phase9%

No.18%

View Results

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Read More Comments

We are considering a scanning solution for detecting Personal Information (PI) in our data assets, mainly AWS S3, DynamoDB, Salesforce, etc. We need the solution to detect PI, identify the type (e.g., infotype), and optionally map it to our own PI categories. We are currently considering BigID. Do you have experience with this tool or any other tools that can help us scan across different data platforms and technologies?

Read More Comments