Step-by-Step Guide to Creating a Security Awareness Training Plan Template

Key Takeaways:

  • A successful security awareness training (SAT) program involves a security awareness training plan, resources, and a clear, structured approach to training and evaluation.

  • Huntress offers an easy-to-deploy platform for organizations of all sizes, requiring minimal setup and no content creation from scratch.

  • Key components of an effective security program include identifying risks, setting timelines, choosing vendors, assigning roles, and ensuring continuous engagement.




This article is more than a security awareness training plan—though we do have free resources like that available. We plan to walk you through building a security awareness training (SAT) program from the ground up, even if you’re starting with limited resources. 


What should be included in a security awareness training plan?

Remember, a training program goes a lot deeper than a security training plan. For a program like this to be successful, you'll need to put a bunch of stuff in place:

  • Project statement of work: Any large-scale project should start with a charter that defines what’s to be achieved and who’s responsible for its success. 

  • Security training plan: This is where you define the training, its purpose, its methods, and every other aspect of the training itself. This can be broken down into smaller parts, such as:

    • Phishing awareness guide
    • Social engineering awareness guide
    • Approved use guide
    • Password policy guide
    • App and devices policy guide
  • PowerPoint or slide deck: Use a presentation to get leadership and key stakeholders on board.

  • Metrics matrix: An interactive tool with various ways to measure security culture, specific security behaviors, and the actual impact of your program.

  • Security awareness maturity model: A stage-by-stage framework to plan, develop, and communicate the program’s progress to others.



What are the three main areas in security awareness training?

Your security awareness training plan needs to cover these three areas:

  • Vulnerability and risk assessment: Understand your organization's vulnerabilities and the risks you face. 

  • Program development: Develop an awareness program in response to those specific threats. If your people don’t know what to look for, nothing else really matters. 

  • Ongoing evaluation: Be committed to long-term continuous evaluation and program improvement based on those findings.


How to create a security awareness program?

By now, you see the limitations of a security awareness training strategy. It’s just words and ideas. But how do you actually do all that? Here’s how to put it into action:

Identify priorities and risks

Base the security training plan on your workforce’s risk and threat model. This means looking at the unique challenges your organization faces, as well as the threats shared in common with the competition. 

Set a timeline and milestones

Create a training calendar that outlines key milestones. This will allow you to track progress and give clear insight to the higher-ups into the time and effort needed at each step. 

Select content and vendors

Take care with this part, since it can make or break a project. Compare your existing internal capabilities, and the cost of developing them further, with the cost of bringing in external training partners. Will you be doing this often enough that building internal capacity has a higher ROI than bringing in the experts?

Assign roles

Clarify who’s in charge of rollout, tracking, and updates. Figure out who the project's key stakeholders are, and try to get them involved in delivering parts of the project. Make sure there is no ambiguity about who is supposed to be doing what. 

Communicate the plan

Build internal awareness to increase engagement and accountability. Everyone needs to see it, not just the people you've assigned tasks to. Nothing counters the dreaded "I had no idea that was my responsibility. You never told me," better than telling everyone everything, on the record.



How to gamify security awareness training?

Learner engagement is key to your program’s success. One of the best ways to achieve this is through competitions, rewards for demonstrating correct behaviour and culture, and anything else that makes learning exciting.

The simple fact is that most people will not engage purely for “company spirit.” But they will engage quite a bit more often if a reward is on the table. Rewards could include leaderboards, gift cards, swag, or other tangible things.



Build your security awareness program with minimal effort

Huntress SAT is fast and easy to deploy. Our platform helps organizations of all sizes launch fully featured training programs with minimal lift and no need to create any training from scratch. Try it for free to see what we can do for you. 


