Dr. Stern on Security Training That Actually Changes Behavior

Most security awareness training (SAT) is just a "check-the-box" exercise for compliance, not a way to actually change behavior. In this short video, adult-learning expert Dr. Joshua Stern breaks down why that "once-a-year, click-through" approach rarely sticks. And what it actually takes to build safer habits in the workplace.

Drawing on research-backed best practices, Dr. Stern explains how real-world psychology—like urgency, authority, and even the fear of looking silly—can nudge good employees into making risky choices. He shares why effective SAT needs to be relevant and engaging, focusing on real-world application rather than just memorization.

The goal is to minimize human error by improving detection skills, while building a positive security culture where people feel safe raising their hand, asking questions, and speaking up when something looks off.

Check out the video to hear Dr. Stern’s take. Then, dive into his full report to see what "doing SAT right" looks like in practice.

Most SAT programs that I've come across fall short in terms of creating lasting change. A lot of these trainings are put together with compliance in mind and really nothing more than that. They're trying to check a box and deliver information and maybe raise awareness, but they're not thinking about how to change behavior or do it in any lasting way. I'm Doctor. Joshua Stern, and my area of expertise is adult learning. I've dedicated my career to helping companies, helping universities create learning experiences and designing them with adult learners in mind. So why is security awareness training so important? If you run a company, you want to educate your employees about security risks and ideally change their behavior to safer behaviors. Something like sixty percent of breaches are due to human error. It just takes one employee to click on an innocent looking email that's actually a cyber threat and you're in trouble. And so this idea that humans are the softest targets in any organization stuck with me. The traditional model once a year training, it just really isn't enough. When I started reviewing Huntress' training, I was immediately impressed with the way that they were aligning with what I know is best practice for adult learners. What stood out to me was that their lessons were story driven, case based, and fun. They were also short form and animated. Another thing that stood out to me was the interactivity. There was real world relevant actual cybersecurity threats. I believe it will lead to significant behavioral change in terms of improving employees' detection skills and also their willingness to report incidents. Overall, everything that Huntress is doing, I think, will lead to lowering of human driven risk. And that is the goal of SAT. If you want to learn more about these adult learning best practices, please refer to the report that I wrote, which really explains in more detail what adult learning is, why it's so important, and how Huntress is doing it right.

Dr. Joshua Stern, Ph.D

Dr. Stern on Security Training That Actually Changes Behavior

See Huntress in action