Career Paper: Security Awareness Trainer

Posted by fgonz006 on

Generally speaking, a job in cybersecurity requires an interdisciplinary set of

technical abilities, intellectually challenging domains, and research-focused subject

disciplines. It is a job that is significant to securing the social and technological domains

of human life; security awareness trainers rely extensively on social science research

and ideas. Understanding human motivations, decision-making processes, and the

social engineering tactics used by attackers are critical for developing effective security

awareness initiative programs that are effective, influencing positive security behaviors

within an organization, and developing more effective security strategies that are more

user-friendly and benefit a diverse population because it affects everyone around us.

I am new to this field, and everything that I have gone through in the courses that

I have taken for Cybersecurity, all have similar paths. The field keeps evolving, but one

thing for sure is that social science research and social science principles are needed in

the execution of daily tasks. They use these factors to address individual behavior,

marginalized populations, and broader societal effects that keep changing.

As a security awareness trainer, you are required to be a subject matter expert

that will be able to create updated training for all personnel, be able to create and teach

about current cyberattacks and to be able to explain it in as simple as possible terms. I

have always been involved in training personnel, so it comes easy to me, because I

understand the social factor of the equation, you need to understand your audience to

be able to get through a well thought out training season. Not to mention other related

tasks that will be needed by whomever I end up working for.

Cybersecurity awareness training is an essential part of protecting an

organization’s information and systems from cyber threats, but it has to be done right,

and properly documented, one must keep all records to track all the changes and

trainees. As cyber-attacks become more complex and frequent, personnel must be

educated on how to recognize and respond to these dangers. This paper examines

ways for effective cybersecurity awareness training, with a focus on identifying typical

cyber hazards such as phishing, malware, and social engineering, as well as

implementing data protection best practices. which again falls into social sciences due

to the fact that you need to identify key components necessary, human components and

key strategies based on your audience that might be effective and be more vulnerable

than others.

As companies and individuals rely more as digital technologies advance and

evolve, the possibility of cyberattacks and data breaches increases on a daily basis,

training will always be required to be updated as well. Cybersecurity is necessary not

only to safeguard sensitive data and systems, but also to protect an organization’s

reputation which can bankrupt a company if broken, preserve customer trust, and

comply with local and government regulations.

By identifying your audience, you should be able to create a training plan that

can be successful, you might want to incorporate interactive learning for does that

learned better with visuals, live security drills to keep awareness and to keep them on

their toes, practice simulated attacks to see how they respond, and can even make it

fun for them, so they can retain the information better, because games can directly have

people more engage and be better prepare and be enhance their understanding of

cybersecurity.

Every group is different and requires a different approach, cybercriminals do not

discriminate, we are all equals that have something that can be taken, if we let them.

I know that by having interactive training makes for a better workplace, not only

that they are learning, they are engaging in practice and are building comradery within

themselves, straightening the companies security. It is imperative to build a more

conscious-security culture within the workplace, building from lessons learned and

personal involvements and consistent training, something that some companies lack.

My 27 years in the company I work for, only required compilations, so within the

office, we passed the answers to the annual cybersecurity training, we even completed

it for personnel not present. All the company and manager cared is that we all met the

deadline to be able to brief higher up that we were good on training. Going thru the

courses i have learned and value more what back in the day was just consider a simple

task with no importance, but as we move forward, and we learn more and more about

the risk of cyber threats, and on how devastating they can be to a person or company, it

need to be a more rigid way to make people understand the risk so that they can be

capable to report and mitigate the risk associated with cybersecurity threats.

In conclusion, any field related to cybersecurity like this one, relies heavily in the

social science research and social science principles because it involves people, at the

end of every key board, regardless of what they are doing there is a human person at

the end, this is an evolving field, and my believe is that it will never stop growing, there

will always be a new innovation, a new hack so they will always be something new to

learn. Understanding the human mind is the next frontier, to understand human

behaviors on the why of things. One thing for sure is that we will always be connected to

the web, so we need to understand the human connection to the love of technology.

References:

Khando, K., Gao, S., Islam, S. M., & Salman, A. (2021, April 16). Enhancing employees

information security awareness in private and public organisations: A systematic

literature review. Computers & Security.

https://www.sciencedirect.com/science/article/pii/S0167404821000912

Prümmer, J., Steen, T. V., & Berg, B. V. D. (2023, November 9). A systematic review of

current cybersecurity training methods. Computers & Security.

https://www.sciencedirect.com/science/article/pii/S0167404823004959

Ready, M., & Ok, E. (2024, January 13). (PDF) cyber security awareness

training:strategies for educating employees on Cyber Threats and Safe Practices.

https://www.researchgate.net/publication/388508669_Cyber_Security_Awareness_Train

ingStrategies_for_educating_employees_on_cyber_threats_and_safe_practices

Leave a Reply

Your email address will not be published. Required fields are marked *