- Employee awareness
- 8 min read
Chief Information Security Officers, Information Security Officers, Data Protection Officers, Data Analysts and all associated professionals have developed expertise in their specialist field and by definition, are able to think effectively about problems in those areas. The challenge is presented when ‘experts’ in a field are required to educate the ‘novices’ entering the organisation or sector.
Understanding expertise is important because it provides insights into the nature of thinking and problem solving. Research shows that it is not simply general abilities, such as memory or intelligence, nor the use of general strategies that differentiate experts from novices. Instead, experts have acquired extensive knowledge that affects what they notice and how they organise and interpret information in their environment. This, in turn, affects their abilities to remember, reason, and solve problems.
There are five key principles of experts’ knowledge and their potential implications for learning and subsequent education of others:
When considering the information and cybersecurity novices across your organisation it is important to remember they will struggle to identify key risks as you do. Their knowledge and skill set will be at a superficial level, and they will have to ‘work hard’ to remember important information. As a specialist in your field, it does not mean you will be in a position to effectively educate others.
A fundamental understanding of how people learn and process information is required in order to effectively train and develop novices.
A multi-layered approach to help people learn is essential.
It starts by acknowledging that people process information in different ways. Every individual has a learning style preference, be that auditory, visual, reflective and kinaesthetic learning. Some people require detailed context and theories in order to learn, while others take a more experiential approach. In order to meet all these different learning styles and requirements learning has to be multi-layered.
The following diagram represents the different learning strategies that will need to be adopted to ensure novices develop in their role.
It is important to establish the skills knowledge and experience people bring with them. Use this as a platform from which to develop their knowledge and skills. Some training provides inbuilt pre-course assessments that then direct learners to the elements of the course where they have knowledge gaps.
Attention must be given to what is taught (information, subject matter), why it is taught (understanding), and what competence, mastery and positive behaviour looks like.
Learning with understanding is often harder to accomplish than simply memorising, and it takes more time.
Many learning opportunities fail to address understanding because materials present too many disconnected facts in too short a time and tests often reinforce memorising rather than understanding.
Ongoing observation and feedback are essential. This helps an educator, manager or other professional understand where the ‘novice’ is on their developmental corridor from informal to formal thinking.
Learning is influenced in fundamental ways by the context in which it takes place.
The norms established in the workspace have strong effects on any novice’s achievement. In some workplaces, the norms could be expressed as ‘it’s ok to do that, all the managers do’ or ‘we are encouraged to ask questions, to inform everyone’s learning’.
Others encourage risk-taking and opportunities to make mistakes, obtain feedback, and revise. Clearly, if novices are to reveal their preconceptions about a subject matter, their questions, and their progress toward understanding, the norms of the workplace must support this.
As an expert in your field, it doesn't necessarily correlate that you are an expert educator. That is ok, because there are expert educators to call upon. Applying a multi-layered approach to learning is critical in helping people develop important competencies. And considerations of social or cultural norms in the workplaces will have a dramatic effect on the development of secure working practices moving forward.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51