Share this
How to Ask for Honest User Feedback on Your IT Security Training Program
by Reflare Research Team on Dec 22, 2021 7:07:00 PM
Both tech and non-tech staff understand how important IT security is, and they will happily tell you what they think of your training initiatives if you ask them. Are you ready to hear it? And even if you are, what are you going to do next?
First Published 22nd August 2020 | Latest Refresh 22nd December 2021
Tendai loved completing the company's new cyber security compliance training on his corporate brick.
4 min read | Reflare Research Team
Coming to Conclusions
In the previous research articles from our 'Ultimate Guide to Creating and Delivering an IT Security Training Program' report, we have guided you through the planning, selection and execution of a training program.
Below, help you debrief your trainees once their training is complete and ask the right questions to gain the insights needed to iteratively improve the training experience.
The Right Questions Can Unlock the Right Answers
It is important that you make sure that trainees feel comfortable answering the following questions truthfully. If required, reassure them that there are no wrong answers, and that contrarian insights are welcomed. Also consider if these questions are better asked one on one or in a team setting, or state that you are collecting their feedback anonymously.
Questionnaire
Was the training what you expected it to be? How and how not?
Quite often your trainees will have a finer appreciation for the applicability of the training in their real-life day-to-day workflow. How helpful was this training? What was missing from the curriculum? Was there anything in the program that surprised you for better or worse? Can you give an example of how you will use something you’ve learnt from this training in your job? Do you experience any circumstances where lessons from the training would actually work against the security of the organisation?
Be sure to ask open, explorative questions when the trainees start to disclose what they really think, even if it’s negative feedback. Is this feedback that is the fuel that feeds into your evaluation of what to do differently next time? Without it, you are doomed to repeat the same mistakes you don’t know you made.
What challenges did you face during your training?
This is a great question to help you evaluate if your training was too condensed, or if you incorrectly assumed the trainees had sufficient preconceived knowledge before the training began. If you have recently changed IT security training programs, look to understand what they did or didn’t like from the old training, and benchmark it against their feedback on the new training.
Were these stated challenges just an acceptable level of ‘capability stretch’ that’s needed to develop new skills, or were you asking too much from trainees? What is the tempo and velocity of the training to fast? Were there sufficient opportunities to apply hands-on experience to the learnings in real-time? What would they have preferred to experience to not have these learning challenges?
It is important to be empathetic when receiving this type of feedback. Don’t seem dismissive when you hear it because they had a problem with something that you’ve put a lot of effort into creating. Instead, listen attentively, do not judge, put yourself in their shoes, and seek to understand where they are coming from. Be sure to thank them for their honesty, and confirm that the feedback will not be used against them in any way.
Furthermore, you can build credibility by showing the impact of the feedback as you make changes to future training programs. Make sure you provide a feedback loop back to the trainees, so they can identify the value they have contributed in sharing their experiences with you.
How closely did the training match your daily workflow?
So many training solutions deliver ‘out of the box’ lessons that are completely devoid of the trainee’s workflow. Use this opportunity to really understand which components of your training delivered a meaningful impact on the day-to-day activities of your staff.
Training without applicability or context delivers low trainee engagement, zero knowledge retention, and no behavioural change (not to mention the lost productivity and a waste of your budget). Suppose you find that trainee feedback is reporting high amounts of irrelevant in your training program. In that case, this means that even the training requirements were incorrectly scoped at the beginning of your design process, or you are training the right content to the wrong people.
Misdiagnosis of training objectives can happen, but it is easily avoided when addressed earlier in the training design process, which you can read about here.
One way to mitigate this risk is to ensure that your materials are easily customisable to your trainee’s reality. There are now IT security training solutions that provide efficient and cost-effective ways of customising training content that delivers low-effort / high-value returns.
There are no longer acceptable excuses for getting this wrong twice.
Download: Use this simple-to-use questionnaire to capture trainee feedback which will feed into your next iteration of training design. (pdf)
What would you improve the training?
This is a very open-ended question, but deliberately so.
The people who use your systems and networks day-in / day-out understand every little problem and risk that an adversary could exploit. Listen to them. Learn from them. They can not only give you valuable insight about trends and future training requirements long before leadership learnt about them, but they also can provide you with some brilliant ideas for how to improve the overall training experience.
Cyber security is fluid, and staying on top of all the changes, trends, and emerging threats is not easy. If you listen to your trainees, and independently verify what they are saying is correct, then you will be ahead of the game for the next training cycle.
Furthermore, you can subscribe to the Reflare Research Newsletters, which will periodically update you with the latest trends in IT security training. As an example of this, you can read up on some relevant information on the topic below.
Share this
- December 2024 (1)
- November 2024 (1)
- October 2024 (1)
- September 2024 (1)
- August 2024 (1)
- July 2024 (1)
- June 2024 (1)
- April 2024 (2)
- February 2024 (1)
- January 2024 (1)
- December 2023 (1)
- November 2023 (1)
- October 2023 (1)
- September 2023 (1)
- August 2023 (1)
- July 2023 (1)
- June 2023 (2)
- May 2023 (2)
- April 2023 (3)
- March 2023 (4)
- February 2023 (3)
- January 2023 (5)
- December 2022 (1)
- November 2022 (2)
- October 2022 (1)
- September 2022 (11)
- August 2022 (5)
- July 2022 (1)
- May 2022 (3)
- April 2022 (1)
- February 2022 (4)
- January 2022 (3)
- December 2021 (2)
- November 2021 (3)
- October 2021 (2)
- September 2021 (1)
- August 2021 (1)
- June 2021 (1)
- May 2021 (14)
- February 2021 (1)
- October 2020 (1)
- September 2020 (1)
- July 2020 (1)
- June 2020 (1)
- May 2020 (1)
- April 2020 (2)
- March 2020 (1)
- February 2020 (1)
- January 2020 (3)
- December 2019 (1)
- November 2019 (2)
- October 2019 (3)
- September 2019 (5)
- August 2019 (2)
- July 2019 (3)
- June 2019 (3)
- May 2019 (2)
- April 2019 (3)
- March 2019 (2)
- February 2019 (3)
- January 2019 (1)
- December 2018 (3)
- November 2018 (5)
- October 2018 (4)
- September 2018 (3)
- August 2018 (3)
- July 2018 (4)
- June 2018 (4)
- May 2018 (2)
- April 2018 (4)
- March 2018 (5)
- February 2018 (3)
- January 2018 (3)
- December 2017 (2)
- November 2017 (4)
- October 2017 (3)
- September 2017 (5)
- August 2017 (3)
- July 2017 (3)
- June 2017 (4)
- May 2017 (4)
- April 2017 (2)
- March 2017 (4)
- February 2017 (2)
- January 2017 (1)
- December 2016 (1)
- November 2016 (4)
- October 2016 (2)
- September 2016 (4)
- August 2016 (5)
- July 2016 (3)
- June 2016 (5)
- May 2016 (3)
- April 2016 (4)
- March 2016 (5)
- February 2016 (4)