Effective Cybersecurity Compliance Training for a Vendor-Neutral Certification Body

A vendor-neutral cybersecurity certification body providing emerging technology certifications for business, data, developer, IT, and security professionals. It partners with small and large organizations to provide certifications and micro-credentials. Their successful certification candidates come from representative organizations and universities spanning over fifty countries. 

‍

Traditional compliance training faces the risk of disengagement, leading to non compliance, causing both financial and reputational damage to an organization. 

Additionally, our client wanted to address these issues: 

• The existing instructor-led training was not adequate in covering all aspects of social engineering.
• The human element of security was neglected and not given its proper due. 
• Awareness of social engineering tactics and an exposure of key vulnerabilities through training was missing.

It was deemed necessary to make the training less about compliance and more about relevance, without taking away the core purpose of the training.

‍

ELB Learning quickly realized that the business goal was to narrow the widening skills gap between the human grasp of emerging and diverse cyber-related crimes and the ways to deal with them. Leading through examples and situations that would lend more meaning to the learners in their day-to-day work was identified as the way forward. 

Based on the requirements and the source content provided by the client, ELB Learning created cybersecurity content as an interactive eLearning course with three modules:

• Identifying the Need for Security
• Securing Devices
• Using the Internet Securely

Learners were guided through the following sections in each module:

‍Discover: Primes the learner and provides a rationale for the importance of the learning that follows. 

‍Activate: Simple scenarios are presented in comic-strip style, where learners need to make decisions that will determine subsequent consequences. 

Learn: The core content of the course was chunked into logical segments and multi-modal learning, using video nuggets, was leveraged to improve retention. 

Consolidate: An interactive recap process brings all the concepts together for key takeaways or guidelines.

Evaluate: There are two levels of assessments: topic-level knowledge checks that provide remedial feedback and a final, graded course-level assessment.

‍

Increased awareness: the number of reported incidents increased while the number of interventions decreased by 30%. 

This demonstrated an increase in awareness of how to avoid attempts such as social engineering within the end-user community, enabling cybersecurity professionals to address the highest risk items and focus on prevention and detection.

The ROI for small partner organizations showed an upward trend ranging from 40% to 60%, while larger partner organizations showed an even bigger percentage of 60% to 75% ROI.

‍