June 29, 2020
June 29, 2020
Contributor: Taylor Lee
Many employees view security awareness training as boring and hard to understand, so finding the right talent with the right skills to lead your training program is critical.
With a week until the due date, only one-quarter of employees at a midsize accounting firm have completed the latest cybersecurity training module. This module on avoiding phishing scams at work is something every employee should want to know about and yet, like many security programs, this one is creating very little engagement. Why?
Many employees view security training as boring and hard to understand. Creative, fun or engaging are words rarely associated with security awareness training. The problem may not be the subject itself, but how it’s taught and aligned to employee objectives. Finding the right talent with the right skills to lead your training program is critical.
By 2022, 60% of large organizations will have a full-time equivalent (FTE) dedicated to security awareness.
But not all security experts are experts in employee education. Security professionals are traditionally thought of as technology-focused and not often associated with creativity, public speaking and persuasiveness — key abilities needed for learning program leaders.
So how do you hire the right people who will make security awareness training engaging and effective? Security and risk managers can follow these three steps:
Partner across the organization to improve security training and identify new talent. Don’t overlook one of your most important resources –– your wider organization network. Security leaders can find useful practices through collaboration with corporate teams that have run enterprise-wide training initiatives. They can also ask for one-on-one meetings with senior business leaders to discuss required talents and skills and who in the network might have them.
Hire security awareness talent with learning, development, marketing and communications skills. Using creativity to increase interest and the ability to condense complex material into easy-to-understand training are essential skills needed for successful security awareness leaders.
Consider talent with a strong learning and development background versus a security background. It’s possible to mentor that individual to be successful in a security awareness role. Look for people with expertise in training who understand adult learning styles and behavior modification techniques. Strong program management skills are also essential.
Write a security awareness manager job description that clearly defines the experience and attributes you require. Before you begin writing, clarify:
With these areas defined, you can then write a clear job description including the role and responsibilities, candidate criteria and education required.
When you hire security awareness leaders with the right skills who know how to present information in a thought-provoking and engaging manner, employees will learn faster and remember more. And that makes your organization’s security stronger.
Join your peers for the unveiling of the latest insights at Gartner conferences.
Recommended resources for Gartner clients*:
Gartner clients can read the full research report Hiring the Right Talent to Run Your Security Awareness Program by Sam Olyaei, et al.
*Note that some documents may not be available to all Gartner clients.