Two puzzle pieces fitting together with glowing light behind them
What is likely missing from your security awareness training program?

Security awareness training programs – most organizations have them.

The trouble is that a large percentage of security awareness programs are not effective. Here are some of the specific problems that I keep hearing about from business leaders and front-line staff all over the world, as they describe their security awareness training programs:

The list of complaints goes on, and on, and on….

Meanwhile, many security teams try and stuff as much detailed technology content as possible into their awareness programs – not realizing that quality is much more important than quantity when it comes to security awareness training. These flawed programs will not change behaviors or enhance the security culture. In fact, some programs even cause animosity towards security staff and treat security awareness training as a punishment, rather than equipping staff to be security ambassadors.

But what if you could actually offer engaging, interactive security awareness training that was helpful, intriguing and even fun for staff – while still ensuring compliance with laws, policies and standards?

What if you actually had the majority of staff say “thank you,” after taking the lessons?

What if your employees saw the benefits to their personal and professional lives, and even gained insights for their families and 7x24x365 lifestyles in areas ranging from phishing to social media to global travel?

Security Mentor Experience

I first discovered this Security Mentor difference in 2011 when I was Michigan’s Chief Security Officer. We had a “death-by powerpoint” awareness approach that yielded 11 audit findings with only about 3,000 out of 50,000 staff taking the enterprise security awareness training in 2010.

So my team searched the world, talked to top companies, issued a request for proposal (RFP), looked at a dozen products, watched four live demos – and finally picked Security Mentor in 2012.

Why? Because the interactive lessons were appealing, engaging, interactive and even fun. That’s right, Security Mentor pioneered a new concept using the latest best practices from online training studies. Another big difference was the “brief, frequent and focused” content that was offered monthly (or in some cases every other month) to keep security top of the mind.

But the best was yet to come for us.

After we rolled-out the training enterprise-wide, I was pleasantly surprised by the overwhelmingly positive feedback. Everyone loved it – and openly told us so. In fact, the training improved the relationship between the security team and business areas.

Even agency directors who were usually critical of our IT department actually came over and thanked us for the “great new concept in training.” One business director actually told me it was the best things the IT department ever did.

We went on to win the National Association of State CIOs (NASCIO) award for the top cybersecurity project in the nation in 2013, largely for the Security Mentor difference and our new Michigan Cyber Range. Staff left hundreds of comments and they were amazingly positive. In 2014, the National Governor’s Association called this gamified approach to security training a best practice nationally.

To some, hearing “thank you” may seem far-fetched, but these are just a few of the many ways that Security Mentor’s training programs rises above rest of the security awareness training market.

Closing Thoughts

Fast-forward five years, and Security Mentor offers much more content, and more services (like PhishDefense), in more browser formats (like HTML5) with more great case studies in different public and private settings.

But perhaps most important, front line staff continue to love our training.

Meanwhile, management sees how Security Mentor creates a positive security culture that reduces risk by enabling employees to be the front line of defense.