Circle 01
Circle 02
Circle 03

Join our mailing list

Subscribe to the TSC newsletter to receive exclusive news and advice
  • 01 March 2022
  • 3 min read

How do cyber experts educate novices? The challenges and dilemmas

Chief Information Security Officers, Information Security Officers, Data Protection Officers, Data Analysts and all associated professionals have developed expertise in their specialist field and by...
10

Chief Information Security Officers, Information Security Officers, Data Protection Officers, Data Analysts and all associated professionals have developed expertise in their specialist field and by definition, are able to think effectively about problems in those areas. The challenge is presented when ‘experts’ in a field are required to educate the ‘novices’ entering the organisation or sector.

Experts in the field

Understanding expertise is important because it provides insights into the nature of thinking and problem solving. Research shows that it is not simply general abilities, such as memory or intelligence, nor the use of general strategies that differentiate experts from novices. Instead, experts have acquired extensive knowledge that affects what they notice and how they organise and interpret information in their environment. This, in turn, affects their abilities to remember, reason, and solve problems.

There are five key principles of experts’ knowledge and their potential implications for learning and subsequent education of others:

  1. Experts notice features and meaningful patterns of information that are not noticed by novices.
  2. Experts have acquired a great deal of content knowledge that is organised in ways that reflect a deep understanding of their subject matter.
  3. Experts’ knowledge cannot be reduced to sets of isolated facts or propositions but, instead, reflects the context and applicability of that knowledge.
  4. Experts are able to flexibly retrieve important aspects of their knowledge with little attentional effort.
  5. Though experts know their disciplines thoroughly, this does not guarantee that they are able to educate others.

When considering the information and cybersecurity novices across your organisation it is important to remember they will struggle to identify key risks as you do. Their knowledge and skill set will be at a superficial level, and they will have to ‘work hard’ to remember important information. As a specialist in your field, it does not mean you will be in a position to effectively educate others.

A fundamental understanding of how people learn and process information is required in order to effectively train and develop novices.


Multi-layered approach

A multi-layered approach to help people learn is essential.

It starts by acknowledging that people process information in different ways. Every individual has a learning style preference, be that auditory, visual, reflective and kinaesthetic learning. Some people require detailed context and theories in order to learn, while others take a more experiential approach. In order to meet all these different learning styles and requirements learning has to be multi-layered.

The following diagram represents the different learning strategies that will need to be adopted to ensure novices develop in their role.


Additional considerations

Starting point

It is important to establish the skills knowledge and experience people bring with them. Use this as a platform from which to develop their knowledge and skills. Some training provides inbuilt pre-course assessments that then direct learners to the elements of the course where they have knowledge gaps.

Be clear

Attention must be given to what is taught (information, subject matter), why it is taught (understanding), and what competence, mastery and positive behaviour looks like.

Create understanding

Learning with understanding is often harder to accomplish than simply memorising, and it takes more time.

Many learning opportunities fail to address understanding because materials present too many disconnected facts in too short a time and tests often reinforce memorising rather than understanding.

Ongoing observation and feedback are essential. This helps an educator, manager or other professional understand where the ‘novice’ is on their developmental corridor from informal to formal thinking.

Cultural norms

Learning is influenced in fundamental ways by the context in which it takes place.

The norms established in the workspace have strong effects on any novice’s achievement. In some workplaces, the norms could be expressed as ‘it’s ok to do that, all the managers do’ or ‘we are encouraged to ask questions, to inform everyone’s learning’.

Others encourage risk-taking and opportunities to make mistakes, obtain feedback, and revise. Clearly, if novices are to reveal their preconceptions about a subject matter, their questions, and their progress toward understanding, the norms of the workplace must support this.


In summary

As an expert in your field, it doesn't necessarily correlate that you are an expert educator. That is ok, because there are expert educators to call upon. Applying a multi-layered approach to learning is critical in helping people develop important competencies. And considerations of social or cultural norms in the workplaces will have a dramatic effect on the development of secure working practices moving forward.


For further information on the multi-layered resources we have available please contact TSC at: +44 (0)1234 707 026, jenny.mandley@thesecuritycompany.com.

Conor 172
Written by
Conor Mckenna
I have a variety of experience within marketing covering multiple sectors, from large consumer goods and FMCG businesses to working as a marketing consultant in the IT service management industry.
View Profile

See how we can help you protect your organisation today?

Circle 01
Circle 02
Circle 03

Join our mailing list

Subscribe to the TSC newsletter to receive exclusive news and advice