Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

10 tips to develop cybersecurity knowledge within organizations

By Derek Kernus
security-training3-freepik1170.jpg
May 26, 2022

They say once you learn to ride a bike, you never forget. When it comes to cybersecurity, that bike is constantly changing, and the learning never stops. Continuing education is important for many professions, but it’s essential that everyone in the organization receives training in cybersecurity. 

Why everyone? Organizations can’t assume that all employees know or follow proper cyber hygiene in their personal lives. Allowing them to connect personal devices to the organization’s network or use company resources without training is taking a big chance with data, arguably one of the most valuable resources. Most hacks are the result of human error, and security leaders can train employees for that!

Growing a cybersecurity knowledge base within the organization does three things for the organization:

  1. Strengthens the first line of defense against cyber threats
  2. Helps embed a security mindset into the organization’s culture
  3. Develops security stance as a competitive advantage

To help get started, here are 10 of the best tips to help security executives and their organizations move the needle from cybersecurity zero to hero.

1. Determine cybersecurity needs. A deep assessment can help organizations consider all of the areas where cybersecurity is needed and how much of that need can be outsourced versus handled internally. Consider:

  • Strategic plans: What skills are needed to accomplish long-term goals?
  • Workforce: Does the organization have the talent needed? Will we hire up or train up?
  • Budget: What can be spent on training, certifications, and continuing education?  
  • Competition: What will it take to keep on par (or ahead) with others?
  • Culture: How is security viewed here? Is it part of how the mission is accomplished?

2. Establishing a training cadence. For cyber basics and awareness, companies should hold cybersecurity training every four to six months, including new schemes and tactics used by bad actors. Certification requirements range from classroom hours to continuing education credits to retesting.

3. Use free resources. Organizations don’t have to pay for basic training! There are some very good cybersecurity resources available free from the U.S. Government. Visit the Cybersecurity & Infrastructure Agency and the National Institute of Standards and Technology.

4. Get to the “why.” Cybersecurity training won’t “stick” unless employees understand their responsibilities and take their roles seriously. Ensure the training answers, “Why is cybersecurity important to our mission?”

5. Put employees to the test! Testing is a part of education. Send the fake emails, conduct hacking exercises, and role-play a simulated attack or ransom situation. Even employees who know they could be tested slip up — and these are teachable moments to slow down, trust their gut, and verify.

6. Align training and policies. Make sure to reiterate all the best practices covered in training by creating policies and rules — and putting them in the employee handbook. Guidelines for daily activities, as well as reporting requirements, help institutionalize cybersecurity practices.

7. Explain the HOW. Make a point to explain cybersecurity stance and monitoring techniques to employees. Not as a scare tactic (“We’re always watching!”) but rather to demonstrate the value of data, how seriously security is taken, and to help employees feel comfortable being a part of the solution.

8. Leverage experts. Many organizations have a wealth of cybersecurity knowledge within their IT and leadership staff that can be shared through lunch-and-learns, webinars, hands-on mentoring, and idea meetings. Internal instruction is good for teaching procedures, and tips and tricks learned in the trenches.

9. Reach to the top. Cybersecurity is an operational task that is part of every business. It’s the job of the security leader to know about it. Even if there are experts on staff or outside cybersecurity consultants who were hired, leaders should have a working knowledge of cybersecurity basics, the company’s posture, and areas where the organization faces risk — allowing the security leader to make informed decisions. If leaders are unsure or embarrassed to admit what they don’t know, they should brush up on the basics online and sit down with consultants to ask questions.

10. Keep the good going: Cybersecurity is not a “one and done” task. The landscape is changing so fast that it requires almost constant attention just to keep up. Training also takes time and repetition — especially for new skills or procedures. Fiercely protect the training budget, prioritize time for training, and create opportunities for everyone — from basic users to the pros, to apply what they have learned.  

 We occasionally hear from users who worry about investing in cybersecurity certifications and other marketable training. They don’t want to pay for training only to have employees take those skills to greener pastures. The advice is always the same: “You have to pay for expertise.” If organizations don’t increase compensation commiserate with skills, their people and training might walk out the door. However, in order to replace that person, they’ll have to increase their salary. Either way, they will pay.

KEYWORDS: cyber security risk management security awareness security operations

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Derekkernus

Derek Kernus is the director of cybersecurity operations at DTS and holds CISSP, CCSP and CMMC RP certifications.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • team-building-freepik1170x658.jpg

    5 tips to develop a best-in-class cybersecurity function

    See More
  • coins in jar

    4 security risk management tips for small to medium-sized organizations

    See More
  • Hacker graphic over map

    10 tips for small businesses to prevent cyberattacks

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing