Security Awareness in a Tech Workforce: The Human Element – Part 2
Pointing out how the human element remains critical in a tech organization’s cybersecurity framework, the Techronicler team asked security experts and tech business leaders to share one specific initiative they implement to foster a sense of security awareness in a tech workforce.
Our team received some great opinions in response and we now share the most insightful among these with you!
Don’t forget to read the other articles in this series:
Read on
Oliver Aleksejuk
Implement a gamified security training program. This approach turns cybersecurity education into an engaging, competitive experience. Employees participate in regular challenges that simulate real-world scenarios, such as identifying phishing emails, securing workstations, or responding to potential data breaches.Points are awarded for correct actions, and leaderboards showcase top performers.
Gamification not only makes learning more enjoyable but also reinforces key security concepts through repetition and practical application. The competitive element motivates staff to improve their skills continuously.
Also, the program can be updated regularly with new challenges reflecting emerging threats, ensuring the workforce stays current with evolving cybersecurity landscapes. This initiative transforms security awareness from a dry, mandatory exercise into an integral part of the company culture, significantly improving overall cyber resilience.
Oliver Aleksejuk
Managing Director, Techcare
Wayne Selk
Human error continues to play a significant role in cybersecurity events. Phishing and social engineering rely on people making mistakes. The most common cybersecurity incident cited by companies is the old standby of a lost device.
The greatest chance of success in getting people to change their behaviors and embrace their role in security is to embed cybersecurity into an organization’s culture. This starts at the highest level with executive buy-in and commitment. Identify security champions within the organization.
Choose a “clarifying event” to explore and discuss with the goal of reaching a consensus on what’s best for the organization.
Educate and engage staff in cybersecurity best practices. If you have a healthy culture – one that is supportive, inclusive, diverse, and allows for mistakes – you can create a cybersecurity-first mindset. By leveraging your existing values, you can intertwine your culture and cybersecurity.
Wayne Selk
VP of Cybersecurity Programs, CompTIA
Lissa Poirot
I believe gamification is an underrated but effective way to create that cybersecurity awareness in a tech organization. By turning security training into interactive, competitive challenges, it engages employees more deeply than traditional methods.
I’ve seen how incorporating quizzes, simulated phishing attacks, and real-world scenarios with rewards for top performers encourages a sense of personal responsibility. Instead of passively absorbing information, people are actively learning how to spot risks. The competitive nature also drives peer-to-peer discussions, reinforcing the learning experience.
What often goes unnoticed is how these games build knowledge and create a security-conscious culture.
Employees start thinking critically about risks in their daily tasks, which isn’t easily achieved with just annual training sessions.
Lissa Poirot
Director of Content, Joy Wallet
Andrew Lugsden
Security testing can be a useful tool to highlight the need for security awareness. If the test and results are managed correctly, it can be used as a tool to emphasize the need to be more security conscious or can congratulate individuals on their secure response when faced with a potential security issue.
Social Engineering, Phishing, and Security tests are methods that can be used to assess different aspects of a company’s security and each serves a useful function to help companies and individuals improve.
Andrew Lugsden
Security Consultant, Forge Secure
Ruth Jennifer Cruz
In an era where technology dominates, the most controversial yet effective initiative for enhancing cybersecurity awareness is enforcing a mandatory ‘tech-free hour’ every week. This initiative compels staff to engage in face-to-face discussions about cybersecurity threats and prevention strategies without the use of digital devices.
The underlying philosophy here is radical but simple: by temporarily disconnecting from technology, employees can develop a deeper understanding and appreciation of cybersecurity's human aspects, thus fostering a more vigilant and informed workforce.
This method not only challenges our dependence on tech but also reinforces the critical role of human vigilance in safeguarding digital assets.
Ruth Jennifer Cruz
Product Manager, Wolf King USA
Sead Fadilpašić
I can share what I did years and years ago, before I was working in the cybersecurity space – I was working for this very small company, with an owner who just straight up did not believe in security. He didn’t think it was a big deal, or that we needed to worry about it. But we were dealing with client data and we were basically one breach away from complete disaster.
So I had a friend basically break into our system. It was shockingly easy, and I think it shocked my boss into paying attention and taking it seriously. We need to remember that it’s humans hacking into these systems, so it takes a human to think about how to get around it.
Sead Fadilpašić
Cybersecurity Consultant and Writer, Restore Privacy
Ali Qamar
As the founder of ExtremeVPN and a privacy advocate, I’ve seen how vital it is to add the human element to a tech organization’s security strategy. Below, I’ve outlined a brief response, as requested, on the topic in your HARO query:
A great way to boost security awareness is to create "security champions" in different departments.
These champions are tech-savvy team members, either volunteers or handpicked by leadership—in our case, the head of our security lab. They act as cybersecurity advocates within their teams and undergo specialized training to stay updated on security practices and threats.
These champions foster a security-conscious culture by leading discussions. They share quick tips and serve as contacts for security concerns. This decentralized approach makes security part of the daily workflow. It helps employees adopt secure behaviors more easily.
Ali Qamar
Founder and Director, ExtremeVPN
Seth Geftic
One initiative we’ve found incredibly impactful is interactive, scenario-based security awareness training. Having a security awareness training that goes beyond the typical “check the box” approach is key in ensuring employees actually get something out of it.
People learn best when they’re actively engaged, and using real-world scenarios does that.
Some ideas are scenarios where users must recognize phishing attempts, social engineering tactics, and other potential threats, things they might realistically face in their daily work life.
An hands-on approach like this fosters not only awareness but also confidence, turning each and every employee into an active line of defense.
Seth Geftic
Vice President of Product Marketing, Huntress
Alex Li
Due to the involvement of user data in our work and the fact that almost all of our work is done online, we have always attached great importance to fostering a sense of cybersecurity awareness in our workforce.
Our main way is to implement a cybersecurity training program. We use online courses and regularly organize offline collective learning to enhance employees’ understanding of security threats. The training covers common issues such as password management, data protection, and remote work security, and shows the severity of security vulnerabilities in real-life cases.
We also set up some Q&A questions and a reward mechanism to encourage employees to join actively and strengthen their security awareness. In addition, we conduct some cybersecurity simulation exercises, in which our technology team will simulate common network attack scenarios such as phishing emails, malware downloads, etc. Employees can learn how to identify and respond to potential threats in a secure environment and make cybersecurity a conscious behavior in daily work.
The Techronicler team thanks these experts and business leaders for taking the time to share these valuable tips on security awareness in a tech workforce.
Connected Posts:
Security Awareness in a Tech Workforce: The Human Element – Part 1
Security Awareness in a Tech Workforce: The Human Element – Part 3
If you wish to showcase your experience and expertise, participate in industry-leading discussions, and add visibility and impact to your personal brand and business, get in touch with the Techronicler team to feature in our fast-growing publication.
The Techronicler Team
Categories
- Business & Strategy (18)
- News & Trends (7)
- People & Culture (10)
- Technology Deep Dives (5)
- Tools & Platforms (9)
Recent Posts
- Fighting Back Against Deepfakes: Cybersecurity Strategies for 2025 12 Dec, 2024
- State of the Remote Workplace: Predictions for 2025 12 Dec, 2024
- The AI Data Dilemma: Balancing Innovation with User Rights 12 Dec, 2024
- The Innovation of AI Chatbots: A Call for Ethical Reckoning 12 Dec, 2024
- Remote Work’s Uncertain Future: Challenges and Headwinds in 2025 12 Dec, 2024
You may also like
