Right-Sized Security Training — The Case For The Learning Burst

By Craig Kunitani, COO and CTO, Security Mentor

Most of us aren’t weekend warriors, logging extensive hours of training for the next marathon.  But, we look forward to walking the dog, biking around the neighborhood, or a round of golf.  And when we worry that we’re not exercising enough, we can reassure ourselves that short bursts of exercise are just as good, perhaps better. Fortunately, studies indicate that short bursts and interval training help people burn fat and increase fitness levels, even in 15-20 minute sessions.

That’s great news for us busy people, but what does it have to do with security awareness training? Quite a bit, actually.

The return on investment of interval training is powerful enough to keep us motivated, and we’re not as easily bored. The same can be said for educational training — short, focused sessions keep you engaged and interested. We see similar effects on the brain from learning bursts as we see on physical fitness levels from brief but intense exercise.

Workout Burst

Exercising for brief periods at very high intensity interspersed with brief periods of moderate rest, a program known as high-intensity interval training (HIIT), is simply one of the best ways to get in shape, in part because it produces a tremendous boost in human growth hormone (HGH), aka the “fitness hormone.”

These workouts are considerably shorter than endurance workouts like an aerobics class or hour on the treadmill, requiring as little as four minutes of very intense activity combined with rest intervals, for a total workout of 20 minutes or so. A study from the Metabolism journal summarized by Inspiyr compared a 20-week endurance-training (ET) program to a 15-week burst-training program. The HIIT group showed a nine-fold greater fat loss than the ET group. Moreover, some experts argue that short and strenuous exercise may be safer than conventional exercise.

Learning Burst

So now that you’re inspired to hit the gym, let’s talk about how this brief-but-intense approach translates to learning. As most employees are too busy for long training sessions, a series of short lessons can break up the same amount of information into more digestible bits. Lengthy courses often leave learners in information overload, as too many disparate topics or details are covered.

Learning bursts however, are “to the point” and deliver bite-sized information on a focused topic, resulting in better absorption and more engaged participation. Much like your workout, learning is most successful when short but meaningful lessons are delivered frequently and reinforced over time. This is especially true in today’s workplace where, on average, employees get interrupted every 11 minutes and switch to a new task every 3 minutes.

The Right Fit

Security awareness training aims not only to impart information, but also to change behavior. In order to accomplish this, learners must be as engaged and focused on the lessons as possible. Studies in neuroplasticity (the human ability to “rewire” our brain) show that casual exposure to new ideas or habits is not enough for new behavior to become ingrained. Short, intense learning sessions are especially effective for security training. Because they don’t require a major time investment from the learner, capturing and keeping their attention for the duration of the lesson is easier, and more frequent sessions make a greater impact through timely repetition and reinforcement.

It’s important to remember that the millennial cohort is a major and growing portion of today’s workforce. This younger generation has a unique relationship with technology and digital information. Thanks to a lifetime of video games and always connected mobile digital communication/media, they are used to doing everything at “twitch speed” and have little patience for lengthy lectures. Burst learning is a great fit for their preferences and data consumption habits (think “snackable content”).

Most of us are already overwhelmed by information and stimuli, thanks to urban living, ubiquitous smartphones, and rich media everything. Smaller doses of eye-opening security risks, combined with focused solutions, are more sustainable and leave trainees with the sense that defending against security threats is a manageable and worthwhile exercise.

Barring an unforeseen technological and cultural revolution, we have to accept that we’re in this cat-and-mouse cybersecurity game for the long haul. A business’ employees are its first, and potentially best line of defense. Effective, efficient security awareness training is essential to building a sustainable culture of stewardship and vigilance.

Security fitness is as important to healthy businesses as physical fitness is to healthy bodies. Frequent bursts of focused learning are a powerful approach to strengthening security in the modern workplace.

Craig Kunitani is COO, CTO, and co-founder of Security Mentor, a pioneer of innovative security awareness training that drives real behavior change by combining engaging, highly interactive training with content-rich lessons that convey critical security information. He manages the operations and technology direction of the company. Kunitani has nearly three decades of experience in the information security, computer industry, and physical sciences. His contributions have been as a researcher, software developer/engineer and manager. Kunitani holds certification as a Certified Information Systems Security Professional (CISSP) and earned a master’s degree in atmospheric science from the University of Wisconsin-Madison, and a bachelor’s degree in statistics from University of California-Berkeley.