skills Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :


Just 12% of IT infrastructure & operations leaders exceed performance expectations

960 640 Stuart O'Brien
Only 12% of infrastructure and operations (I&O) leaders rate their function’s performance as exceeding CIO expectations in the face of continued economic headwinds.

“I&O leaders must support senior leadership by proactively contributing to their organization’s ability to navigate economic uncertainty,” said Cameron Haight, VP Analyst at Gartner. “Their destinies are interlinked, as a failure by the business to execute the proper strategy will have repercussions across the organization.”

The Gartner survey was conducted from April through July 2023 among 122 I&O leaders from enterprises in North America, EMEA and Asia/Pacific whose growth was impacted by external threats in 2022 and 2023.

I&O leaders cited cybersecurity risks as the most frequent threat impacting enterprise growth this year. Supply chain disruptions and talent and skills shortages are listed as the second- and third-most-important external threats deemed to impact growth, closely followed by inflationary pressures (see Fig. 1).

Figure 1. I&O Leaders’ Top External Threats Impacting Enterprise Growth

Source: Gartner (December 2023)

While seeking to combat many of these threats, I&O leaders are also being asked to meet organizational expectations with funding that only keeps pace with inflation at best. In 2023, 41% of I&O leaders’ budgets increased but stayed steady relative to inflation, while 37% of budgets were either cut or stayed steady but declined in real terms due to inflation. Just 27% of I&O leaders’ budgets increased and grew relative to inflation.

“While it remains to be seen what 2024 budgets will look like, the lack of real funding growth observed to date could cause projects to be deferred into next year, causing a cascading appropriations challenge,” said Haight. “Given this scenario, I&O leaders must work smarter to achieve business outcomes with fewer resources.”

Top Actions for I&O Leaders to Navigate Economic Headwinds
Based on the survey findings, Gartner identified three key actions that successful I&O organizations were adopting to counteract the forces of economic uncertainty. I&O leaders that leveraged these practices were three times more likely to help their enterprises better navigate a turbulent economy.

These actions include:

1. Developing a workplace environment that improves well-being and inclusiveness.
I&O leaders often face challenges recruiting and retaining the necessary talent to achieve their objectives. Within I&O teams that were rated as the most effective, 84% of leaders reported building a welcoming and inclusive workplace. Furthermore, 79% of I&O leaders at highly effective organizations ensured the holistic wellness of employees by holding them accountable for personalizing their well-being progress.

2. Undertaking actions that improve I&O efficiency through enhanced analysis capabilities.
Maximizing the impact of technology and other investments remains a critical focus for I&O leaders amidst continued economic uncertainty. According to the survey, 89% of leaders in highly effective I&O organizations formulate strategies for process transformation and optimization, and 82% identify opportunities to reduce technology costs through economies of scale or cross-enterprise synergies.

3. Enhancing I&O’s ability to become a full-fledged partner in digital business activities
I&O leaders may struggle to be viewed as a key partner with business leaders, due to an inability to easily link IT investments to business outcomes. To enhance their contribution to the organization’s digital business strategy, the survey found that 92% of effective I&O leaders foster better coordination of I&O digital investments across lines of business or product lines. Additionally, 84% apply objective analysis to translate enterprise priorities into investments that advance digital business potential, and 79% provide a common language for business and I&O stakeholders to coordinate digital investment decisions.

Photo by Austin Distel on Unsplash

The changing role of partners in SAP’s new cloud mindset

960 640 Guest Post

Recent changes from SAP has left many partners wondering what the next steps are in providing cloud services, especially given  SAP’s insistence on developing a ‘cloud mindset’, and emphasising its Activate Methodology and Fit to Standard workshops to achieve this. 

Up until this point, a change of direction to the cloud has had little impact upon consultants abilities to facilitate a deployment, or to provide daily customer support services.  But the introduction of RISE with SAP S/4HANA Cloud, public edition or private edition, has brought with it a different way of working than its predecessor, HANA Enterprise Cloud (HEC). Given SAP is now driving software infrastructure delivery, the role that SAP partners play has now changed.

From initial consultation to implementation, support to maintenance, as Robert MacDonald, Innovation & Technology Manager at Absoft explains, partners need to adopt a new cloud mindset and skill set to enable them to adapt to the change, and to successfully deliver RISE with SAP…

Identifying the change

Over the last ten years, SAP partners have been moving away from providing on-premise ERP solutions to move toward cloud based systems, such as Microsoft Azure.  Even despite what felt like a significant change as a result of switching licences and adapting to more varied cost/flexibility models, partners were able to keep disruption to their business to a minimum..  This was owed in part to the fact that partners were still in control of key aspects of the process, from initial scoping all the way through to implementation, and as such, did not need to train their staff in any new specific skills.

RISE with SAP has ushered in a great deal of change. Irrespective of whether a customer opts for RISE with SAP S/4HANA Cloud, public edition or RISE with SAP S/4HANA Cloud, private edition, the entire approach has changed  – and partners need to change with it .

On the surface, the process has been simplified. SAP has created a standard infrastructure and offers customers small/medium/ large architecture options to streamline pricing. An ‘adopt not adapt’ mindset means customers are encouraged to avoid any customisation – indeed customisation or extensibility, if required, can only occur outside the core S/4HANA product, using Application Programming Interfaces (APIs) to link to complementary cloud solutions.  So where do partners fit into this new model?

Embracing new skills

One significant impact will be felt by consultants who specialise in providing more traditional expertise, offering services in scoping and implementation and outlining business-specific requirements. These services are no longer necessary, and have been replaced with SAP’s Fit to Standard workshops, negating the need for custom development specification and GAP analyses, should the SAP ERP solution not support a specific customer need.

The challenge for partners now is convincing prospective customers of the benefits of a standardised best practice approach, and emphasising that customisation should only be used to differentiate themselves from competitors when using a standard cloud based deployment.  Because of this, consultants need to learn new skills.  They need to learn to assess a customer’s processes, identify those areas of differentiation that would justify the development of extensible solutions and work with department heads to achieve the change management required to match the SAP standard process.

Partners must take their ecosystem of consultants with an extensive skill set based on identifying problems, writing development specifications and managing project delivery and help them make the transition to this new approach. They need to dedicate time and resources to changing the mindset of customers to fit SAP’s new cloud mindset, and learning new management skills.

Providing Support and Enabling Delivery 

The new skills set requirements extend far beyond the initial consultation stage. RISE with SAP is delivered using SAP’s Activate Methodology, which has been updated to support the implementation of this standard cloud project. This again requires that Project Managers learn a new set of skills. From provisioning systems to testing, connectivity to networks and configuring interfaces, every request has to go via SAP.  For Project Managers who prefer to work internally with their own teams on these processes, it will take time to get to grips with SAP timelines, processes and people.

For example, SAP may insist on providing a week’s notice before connectivity is turned on, which is something that could be achieved within hours if working internally.  If the Project Manager is not familiar with these processes, the entire project could become rapidly derailed. In essence, this new approach and mindset from SAP is both a move to a more modern standardisation method, working concurrently with a more old-fashioned service request system, over which partners have no control.  It also has implications upon where SAP’s influence exists and where it doesn’t, which muddies the waters in terms of determining which areas of the service which will incur an extra cost, and which areas do not fall under the remit of SAP.

The new skill set is not limited to implementation – the same issues arise during ongoing support.  From system patches to updates, it is vital to ensure changes fit in with business timelines – avoiding month ends, for example. Despite not being in control of these processes, partners still have a key role to play in liaising with customers when an update is set to occur The key to avoiding those increases in cloud expenses that have impacted organisations in the past is the availability of a service that can organise downtime, alert any affected business areas, handle change control, and oversee testing.


SAP recognises that significant change in skill sets and processes are required  to facilitate  this new generation of cloud solutions and is investing in supporting its partners. But partners themselves will have to buy into this new cloud mindset and meet them halfway, if RISE with SAP is to be deployed successfully.  Partners can no longer rely on the same on premise product that they have become familiar with over the last 20 years, and set it up all across the board. Every partner must now collaborate closely with SAP, use the company’s methodology, embrace the lessons learned and work with the customer success teams.

This is fundamentally changing every aspect of the SAP partner role and this is something that took some partners by surprise – especially those that did not expect RISE with SAP to take off in the first place. How many partners have proactively recognised and documented the new support and maintenance model to ensure customers understand the changing roles of suppliers  and partners  in this new cloud mindset? How many have been through their first SAP Activate project and now understand SAP’s processes and timelines? Critically, how many are genuinely committed to creating and embracing a new cloud mindset in terms of skillset to support staff and to enable the smooth transition to this new model?

Ultimately, the success of each customer’s implementation is now inextricably linked to the speed in which partners adopt and embrace the new cloud mindset.

Image by Patou Ricard from Pixabay

Public-private partnership launched to tackle UK cyber skills shortage

960 640 Stuart O'Brien

It’s hoped more people will soon be able to secure fulfilling, highly skilled jobs in the cyber security industry through a new scheme to address the shortage of cyber security experts launches its next iteration.   

HM Government and training provider SANS have partnered to launch the Upksill in Cyber training programme to help UK  professionals make a career change into cyber security. The programme, lasting 14 weeks, offers training, career advice and interview training to help workers change careers into cyber security roles.  

So far, it has trained over 200 students with non-cyber backgrounds. Many have gone on to secure guaranteed job interviews upon successful completion of the training programme. 

Andrea Csuri, a recent graduate of the Upskill in Cyber programme has successfully switched from the retail industry to a cyber security analyst role. She said “The programme was incredibly comprehensive, covering a vast array of topics related to cyber security. I was able to connect with mentors who work in the cyber security field, which was of great interest to me. Additionally, the live sessions with a recruiter were a fantastic resource, providing me with insights and advice on how to navigate the job market in this field. I now work as an Analyst for a company that helps organisations manage their IT and cyber security risks”. 

Recent research by SANS Institute found that 44% of the UK workforce have considered a career change in the last year. However, only 6% have taken an interest in pursuing a career in cyber security despite ranking better pay, career advancement opportunities, and flexible working as the top three benefits of pursuing a career in cyber security. This is due to a lack of understanding about the industry, roles available or the skills needed to even consider pursuing a career in cyber security   

To tackle this, SANS and HM Government are now launching the second iteration of the programme, to power stronger growth and better jobs by upskilling more individuals into cyber security.   

Minister for Science, Innovation, and Technology, Viscount Camrose, said, “The UK is rapidly establishing itself as a world leader in cyber security, and ensuring people have the skills they need to access jobs in the industry is key to cementing and expanding that reputation”. 

“The Upskill in Cyber programme lets us do exactly that – removing knowledge and skills barriers for aspiring cyber security professionals, and supporting them into the exciting new careers which fuel innovation, drive growth and protect our economy”.   

Stephen Jones, Managing Director of SANS Institute, added: “We have found that certain businesses lack the incident response and governance cyber security skills needed to face up to the realities of a challenging threat landscape. Our training programme helps to eradicate these skills gaps, breaking down barriers to facilitate the transition into a career in cyber. Individualised training equips candidates with both a solid theoretical foundation and hands-on practical skills, enabling them to tackle the most pressing security threats that organisations face today.” 

“The Upskill in Cyber programme opens up the dynamic world of cyber security to people from all walks of life,” said Ciaran Martin, Director of CISO (Chief Information Security Officers) Network at the SANS Institute. “Our training approach will equip and empower candidates with the skills and experiences they need to make them deployable in the cyber security workforce in just a matter of weeks. Throughout the programme, candidates will receive world-class training and support, gaining first-hand access to key industry representatives to better understand rising threats, roles, and responsibilities. In our 2022 programme, 100% of the candidates were provided with multiple opportunities to interact with hiring organisations. We are excited to witness the programme’s continued growth and success this year, as it unlocks new career opportunities in a diverse, dynamic, and forward-thinking industry brimming with potential.” 

Schoolgirls encouraged to consider careers in cybersecurity by Aston University

960 640 Stuart O'Brien

One hundred female Year 8 student from Birmingham schools took part in an ‘explorer day’ organised by the Cyber Security Innovation (CSI) Centre at Aston Business School.

The Cyber girls event is part of the Cyber Kali project, for which a team of academics at Aston and Warwick Universities have been awarded funding by the UK National Cyber Security Centre (NCSC).

The CSI Centre at Aston University has a sustained record of engaging with schools in Birmingham through educational events in cybersecurity since the pandemic.

The event brought together role models from the industry and local government, including Vickie C (senior cyber consultant, CGI), Daljinder Mattu (senior policy advisor, Department for Science Information and Technology) and CyberWomen@Warwick representatives. UK Cyber Security Council CEO, Simon Hepburn, also shared his career journey into cyber security and the opportunities the sector offers.

Dr Anitha Chinnaswamy and Professor Vladlena Benson led the project from the CSI, which was funded by the NCSC’s Academic Centres of Excellence programme.

There were interactive workshops emphasising the importance of online safety, cyber-hacking, and how to protect oneself from online threats. The Gadget Guru Competition provided an avenue for the students to showcase their creativity and inventiveness. The day concluded with an award ceremony that recognised the competition winners for their exceptional efforts.

Dr Chinnaswamy said: “We would like to thank all who contributed to making ‘Cyber Kali Explorer Day’ a triumph, and we are confident that our efforts will bear fruit in the future.

“It is our responsibility to continue nurturing these bright young minds, providing them with the tools they need to succeed, and supporting them as they embark on their unique journeys.

“Our goal goes beyond this project, we work towards every opportunity inspire and empower the next generation of cybersecurity professionals, especially young women, to pursue their dreams and explore a field that has traditionally been male-dominated.

Professor Helen Higson also supported the event and said: “I am proud of the ongoing work of the CSI Centre, which continues to support the objectives of the National Cyber Strategy 2022.

“At Aston University, we recognise the importance of promoting diversity and inclusion, and equality, diversity and inclusion (EDI) is an integral part of our agenda.

Professor Zoe Radnor, Pro-Vice-Chancellor and Executive Dean of the College of Business and Social Sciences at Aston University, said: “Through our Cyber Security Innovation Centre and other initiatives, we aim to create opportunities for all individuals, regardless of their background or identity, to excel in the field of cybersecurity and contribute to building a safer and more secure digital world.”

Rackspace: IT departments plugging talent gaps with technology

960 640 Stuart O'Brien

77% of UK organisations, including IT operations, say they are finding ways for technology to do jobs formerly performed by people in the face of hiring and skills issues.

That’s according to new research from Rackspace Technology, which shows two thirds (64%) of UK companies are downsizing their staff, facilitated by technology, out of a necessity, with roles in customer service the most likely to be automated, as identified by 70% of business decision makers – followed by IT operations (62%), sales and marketing (57%), business operations (56%), and HR and admin (56%).

Half of UK companies (47%) have increased their IT investment due to the current economic climate, recognising the crucial role technology will play in improving performance and plugging skills gaps.

Almost two thirds (63%) are looking for technology to drive greater efficiencies, such as through moving infrastructure to the cloud, but the motivation for increased investment also extends to talent issues, with UK companies now investing 1.5 times more money in roles performed by technology than those performed by people.

This reflects the challenging labour market, with two thirds (65%) of companies finding it difficult to fill technical vacancies and a similar proportion (62%) struggling to retain IT staff.

This commitment to technology to combat talent shortages, and the consequent trend for an increase in IT investment, is also being driven by growing confidence in return on investment among senior leaders. Three in five (58%) organisations acknowledge established ROI on technology is encouraging further financial commitments.

It is also shifting the requirements for all staff, not solely those working in IT. The vast majority (85%) of UK companies now prefer non-technical staff to have a degree of technical proficiency, regardless of whether it’s a core element of the role. 

Mahesh Desai, Chief Relationship Officer, EMEA, at Rackspace Technology, comments: “In times of economic uncertainty, committing increased spend to technology is a risk a majority of companies simply must take in the face of technical skills shortages across the board.

“Not only can technology offset the reduced workforce available but it is a well-established way of driving business efficiencies as well – though only if used effectively.

“Three quarters (73%) of UK organisations also said cloud operations would be a key investment area over the next 12-18 months and while they have correctly identified an important tool in improving their operations, they will need to optimise these investments and strategies to feel the true benefit.

“It should also be noted that technology itself is very different to technical-proficient staff. A tough labour market and therefore necessity might be driving the growing role tech is playing within companies but finding and retaining capable staff will remain crucial for businesses to thrive.”

To download the full report, click here.

Take your IT security career to the next level with these excellent online courses

960 640 Stuart O'Brien
Our selection of online courses tailored specifically for the IT Security sector will enable you to both learn new skills and improve existing ones in 2023 and beyond – sign up today! These are specially-curated online courses designed to help you and your team, improve expertise and learn new things. The IT and Personal Development online learning bundle provides you with over 50 courses, which cover all areas of both professional and personal development:
  • CSS Certification Level 1
  • HTML 5 Certification Level 2
  • Introduction to Cloud Computing Certification
  • IT Security Certification
  • Website Development Foundations Certification
  • WordPress Certification
  • How to Handle Criticism at Work Certification
  • How to Improve Your Mental Health Certification
  • Building Your Confidence and Self-Esteem Certification
  • Managing Teams Certification
  • Master Planning Certification
And many more! Find out more and purchase your online bundle here For just £99 +vat (usually £149), you can share the courses with your colleagues over a 12-month period. Additionally, there are a variety of bundles available on all spectrums;
  • Personal & Professional Development
  • Healthcare
  • Sports & Personal Development
  • Human Resources
  • Customer Services
  • Health & Safety
  • Education & Social Care Skills
  • Sales & Marketing
  • IT & Personal Development
Book your courses today and come out of this stronger and more skilled!

CIISec CyberEPQ qualification will kick-start cyber security careers

960 640 Guest Post

The Chartered Institute of Information Security (CIISec) is now managing the UK’s first and only Extended Project Qualification (EPQ) in cyber security. The Level 3 CyberEPQ will give anyone from 14 years old the best possible opportunity to kick-start their cyber security career and will integrate with CIISec’s broader development programmes to provide a clear pathway to progress.

Originally introduced by Qufaro in 2016, the CyberEPQ provides a starting point for anyone considering a career in cyber security. Now under CIISec’s management, and with rebranding underway, the qualification will become a more integral part of helping people to start and then progress their cyber security careers, from apprenticeship to university to full employment. It will open access to the full support of a professional body and an extensive community, ranging from students and academics at CIISec’s academic partner institutions through to established security professionals and corporate partners.

“We’re delighted to welcome the Level 3 CyberEPQ into our broader programme,” commented Amanda Finch, CEO of CIISec. “This qualification provides a springboard for individuals to start their careers, and, embedded within our development programme, it will help individuals to understand exactly what skills are needed to progress in their roles. From cyber digital investigation professionals to system architects and testers to cryptographers to risk management professionals, the variety of roles available in the industry is vast and there are opportunities out there for everyone. This qualification will play a key role in attracting a fresh pool of talent, which the industry so desperately needs to keep up with evolving cyber threats.”

The qualification is underpinned by CIISec’s skills framework, which is designed to help individuals and organisations understand precisely what skills are needed to fulfil a specific role at a specific level. Students that enrol in the CyberEPQ will also have access to CIISec’s development programme, which supports individuals and their employers at all stages of their career, from apprenticeships to junior-level associates, to full members and people at the peak of their careers.

Contact the CyberEPQ team at CIISec for further information –

The Synack platform expands to confront the cyber skills gap

960 640 Guest Post

By Peter Blanks Chief Product Officer, Synack

At Synack, we’re committed to making the world a safer place. We’re doing that by helping organizations defend themselves against an onslaught of cyberattacks. We’re doing it by harnessing the tremendous power of the Synack Red Team, our community of the most skilled and trusted ethical hackers in the world, and through the most-advanced security tools available today.

Now, the Synack Platform is expanding to help organizations globally overcome the worldwide cybersecurity talent gap. I am excited to announce the launch of Synack Campaigns to provide on-demand access to the SRT, who will be available 24/7 to execute specific and unique cybersecurity tasks whenever you need them — and deliver results within hours. This new approach to executing targeted security operations tasks will fundamentally change organizations’ approach to cybersecurity by providing on-demand access to this highly skilled community of security researchers.

During my time at Synack, I’ve seen firsthand how the Synack Operations and Customer Success teams creatively engage with the SRT to address a growing range of clients’ security operations tasks, in addition to our traditional vulnerability discovery and penetration testing services.

Now, we are making these targeted security activities directly available to every organization in the form of Synack Campaigns, available through the new Synack Catalog, also launching today on the Synack Client Platform.

The new Synack Catalog, where customers can discover, configure, purchase and launch Synack Campaigns is available now on the Synack Client Portal. Please speak with your CSM to have this feature enabled for your organization.

I know from speaking to our clients across multiple industries that security teams are struggling to keep pace with the speed of product development. At the same time, they are trying to scale defenses to meet the complexity and magnitude of today’s threats. Our customers ascribe challenges with their growing backlog of security tasks such as CVE checks and cloud configuration reviews. On top of all of that, there’s the need to implement industry best-practice frameworks such as OWASP & Mitre Att&ck. Essentially, customer security teams are struggling with demanding workloads and have asked us for assistance in a number of areas:

  • On-demand access to talented Synack Red Team members who are available 24/7 and capable of completing diverse security operations activities across a growing range of assets.
  • A flexible security solution that can be configured to meet their specific needs in one centralized platform with their existing pentesting insights.
  • A security solution that delivers results quickly (hours and days, not weeks or months) and is aligned with their agile development processes.

Synack Campaigns expands the core capabilities of the Synack Platform, including our trusted community of researchers, an extensive set of workflows, payment services, secure access controls and intelligent skills-based task-routing to provide customers with the ability to execute a growing catalog of cybersecurity operations.

With Synack Campaigns our researchers can augment internal security teams by performing targeted security checks such as:

  • CVE and OWASP Top 10 vulnerability checks
  • Cloud Configuration Checks
  • Compliance Testing (NIST, PCI, GDPR, etc.)
  • ASVS Checks

Synack Campaigns are built to complement our vulnerability management and pentesting services, and help customers achieve long-term security objectives, such as Application SecurityM&A Due Diligence, and Vulnerability Management.

Level up in 2022 with these online courses for IT security professionals

960 640 Stuart O'Brien

Our selection of online courses tailored specifically for the IT Security sector will enable you to both learn new skills and improve existing ones – sign up today!

These are specially-curated online courses designed to help you and your team, improve expertise and learn new things.

The IT and Personal Development online learning bundle provides you with over 50 courses, which cover all areas of both professional and personal development:

  • CSS Certification Level 1
  • HTML 5 Certification Level 2
  • Introduction to Cloud Computing Certification
  • IT Security Certification
  • Website Development Foundations Certification
  • WordPress Certification
  • How to Handle Criticism at Work Certification
  • How to Improve Your Mental Health Certification
  • Building Your Confidence and Self-Esteem Certification
  • Managing Teams Certification
  • Master Planning Certification

And many more!

Find out more and purchase your online bundle here

For just £99 +vat (usually £149), you can share the courses with your colleagues over a 12-month period.

Additionally, there are a variety of bundles available on all spectrums;

  • Personal & Professional Development
  • Healthcare
  • Sports & Personal Development
  • Human Resources
  • Customer Services
  • Health & Safety
  • Education & Social Care Skills
  • Sales & Marketing
  • IT & Personal Development

Book your courses today and come out of this stronger and more skilled!

5 innovative cybersecurity training methods to try in 2021

960 640 Guest Post

By Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams

As much as 88% of data breaches are caused by human error, but only 43% of workers admit having made mistakes that compromised cybersecurity. In the past year a third of the breaches incorporated social engineering techniques and the cost of a breach caused by a human error averaged to $3.33 million

To mitigate the risk, enterprises develop complex cybersecurity strategies and action plans, yet they are insufficient unless acknowledged by every member of their organization. Half of the Chief Information Security Officers (CISOs) plan to extend cybersecurity and privacy into all business decisions and that makes it every employee’s concern. 

With the ever-changing and evolving digital threats, maintaining cyber resistance is no longer limited to IT and security officers and depends on every member of the organization. Constant training is a way to build the team’s resilience against threats, yet it is not uncommon for them to turn into dull PowerPoint sessions, after which few remember the safety measures they should take. The problem is amplified by the workforce operating from home and not subscribing to security policies of the company.

CISOs and other stakeholders can grab employees’ attention by changing the methods of the regular cybersecurity training. Those who found training to be very interesting were 13 times more likely to change the way they think about cyber threats and protection against them. Therefore, organizations should seek memorable, entertaining and accessible ways to talk about complicated security matters.

5 ways to make cybersecurity training more attractive

Gamify it. Dull figures slide after slide, myriads of ‘dos and don’ts’ along with knotty safety procedures make the process lethargic. Quizzes, games, prizes and quality time with colleagues will enhance enjoyment and learning. Interactive activities boost engagement and thus yield better results when it comes to teaching staff about cybersecurity. 

Engage in friendly competition. The key element of the gamification is competition. However,  putting a prompt question within the video lesson or offering ‘innovative’ content is not enough. People are engaged when they have an incentive, be it a prize or pride. Companies should organize monthly, quarterly or yearly competitions to keep a workforce constantly aware of new threats and how to tackle them.

Make it rewarding. Turn the right answer into a badge, a discovered vulnerability into a star, and a year without an incident into a holiday bonus. People expect feedback while participating in a competition, and the reward system is the optimal way to do it. Instead of giving an opinion to everybody in private, security and IT professionals can award the achievements. They also help to track the progress of each employee and take the precautions if necessary.

Turn it into a team effort. Staying protected from breaches and attacks is everyone’s interest. Thus employees should be encouraged to work in teams and solve riddles with their colleagues. In a cybersecurity workshop, for instance, employees can be asked to craft a phishing email. This encourages them to find out more about this criminal technique, to look at the examples of it and thus recognize them at the first glance next time. 

Be understood. For information security professionals, IT and cybersecurity jargon is a native language.  Yet for accountants, marketers and many others it’s just a meaningless jabber. Make sure to speak clearly and to explain every term in plain language so the relative layman understands and remembers.

These tips also apply when teaching the staff how to use various cybersecurity tools, such as cloud services or VPNs. With people working remotely, many of them face the need to use two-factor authentication or secure connection for the first time as it was readily available by default at their usual workstations. Now they have to care for their and their company’s protection themselves. 

Cybersecurity is no longer a thing only information security and IT departments care about. As many workplaces rely solely on digital solutions which are used by the entire workforce, staying protected against cyberattacks requires everyone’s joint effort. The main notions of data security must be conveyed in an appealing manner.