learning transfer
play

LEARNING TRANSFER WHY DOES IT FAIL Identification of training needs - PowerPoint PPT Presentation

P RACTICAL S ECURITY A WARENESS L ESSONS L EARNT AND B EST P RACTICES Stefan Schumacher sicherheitsforschung-magdeburg.de stefan.schumacher@sicherheitsforschung-magdeburg.de DeepSec 2019 S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S


  1. P RACTICAL S ECURITY A WARENESS L ESSONS L EARNT AND B EST P RACTICES Stefan Schumacher sicherheitsforschung-magdeburg.de stefan.schumacher@sicherheitsforschung-magdeburg.de DeepSec 2019 S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 1 / 22

  2. A BOUT ME S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 2 / 22

  3. T HE O BSTACLES OF A T RAINING ◮ Motivation of your Workforce ◮ Instructional Design of a Security Awareness Campaign ◮ Dealing with Complexity ◮ Transferring the Training Outcomes to the Job S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 3 / 22

  4. M OTIVATION T WO F ACTOR T HEORY BY H ERZBERG ◮ satisfaction and discontent are independent dimensions ◮ discontent is raised by extrinsic factors status, fear of losing your job, relations between coworkers and superior ◮ satisfaction is raised by intrinsic factors sense of achievement, recognition, taking over responsibility ◮ you actually can only demotivate people S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 4 / 22

  5. M OTIVATION INTRINSIC / EXTRINSIC ◮ Intrinsic motivation: behaviour that is driven by internal rewards ◮ Extrinsic motivation: behaviour to earn external rewards or avoid punishment S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 5 / 22

  6. M OTIVATION ◮ good communication means to motivate the other party ◮ motivation means the other party shows a behaviour I want them to show ◮ motivation means to drop an old behavioural pattern in favour of a new pattern ◮ motivation means to address an unfulfilled need and showing how to fulfill it ◮ the better someone can picture the fulfillment of the need, the better motivated they will get S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 6 / 22

  7. M OTIVATION Don’t sell the steak – sell the sizzle S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 7 / 22

  8. M OTIVATION K EEP IN MIND ◮ Only current behaviour can be influenced at once! ◮ Every recurring behaviour has been trained through learning processes. ◮ Changing recurring behaviour requires new learning processes. ◮ Every learning process takes it’s time. S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 8 / 22

  9. D IDACTICS / I NSTRUCTIONAL D ESIGN ◮ teaching methods ◮ theory and practice of teaching and learning ◮ the science that turns you into a teacher ◮ general didactics: general teaching methods, how learning and teaching works, how to structure teaching ◮ specific didactics: with regards to a specific learning field, eg. subjects in school ◮ learning outcomes might get obsolete ◮ teaching a click path isn’t viable S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 9 / 22

  10. D IDACTICS C OMPETENCIES ◮ find roles: who does what and how ◮ professional fields of activity (according to a profession) ◮ learning situation and professional action S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 10 / 22

  11. C OMPLEXITY ◮ psychological regulation of work � IO Psychology ◮ theory of action ◮ decomposition of a complex action into less complex actions ◮ taking away the act of making a decision by establishing rules eg password rules S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 11 / 22

  12. L EARNING T RANSFER ◮ the workforce learnt something ◮ but doesn’t transfer it on the job ◮ for several reasons ◮ this is a huge problem in trainings S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 12 / 22

  13. LEARNING TRANSFER WHY DOES IT FAIL ◮ Identification of training needs and interests of the workforce ◮ Identification of roles the relevant learning outcomes ◮ Determination of learning contents and learning places ◮ instructional design and teaching methods ◮ Cost Control ◮ Success Control and Evaluation S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 13 / 22

  14. L EARNING T RANSFER ◮ on the job ◮ wrong selection of participants ◮ learning outcomes are undefined or not clear enough ◮ learning contents don’t fit to the job ◮ training is not accepted and carried by management and employees ◮ no time for the training and transfer of the training outcomes ◮ by the learners ◮ lack of insight into the applicability of the learning contents on the job ◮ lack of practise of the new behaviour ◮ lack of motivation on the job S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 14 / 22

  15. E VALUATION 1. the methodologically sound measurement 2. the science-based benchmarking of processes and outcomes 3. to better understand and design practical training measures through the evaluation of effectiveness, controlling and reflection To achieve this, we have to methodise and document processes and outcomes S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 15 / 22

  16. E VALUATION T ARGETS ◮ the success of a completed training ◮ gather information for the instructional design of future trainings ◮ help reflect on a training ◮ to estimate and justify the costs of a training especially the costs of not doing the training ◮ management loves business indicators ◮ CFO: What happens if we spend money training our people and then they leave? CEO: What happens if we don’t and they stay? S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 16 / 22

  17. S TORYTELLING S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 17 / 22

  18. W HY ? ◮ Motivation ◮ Show how easy it has become to start generic attacks with Kali, Metasploit etc. ◮ Show the consequences of a successfull hack ◮ Show that unfocused mass attacks happen all the time ◮ Storytelling S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 18 / 22

  19. S TORYTELLING ◮ lively storytelling motivates better than a dry list of facts ◮ has been used for centuries in all cultures of the world ◮ very good for the transportation of complex knowledge ◮ generates memories and supports learning mechanisms ◮ embed a Live-Hacking into a fitting story S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 19 / 22

  20. S TORYTELLING L IVE -H ACKING FOR TEACHERS ◮ Hacker is a 15 year old pupil ◮ How long does he take to learn how to hack a Windows PC? (Youtube, 1h) ◮ What does he have to know and be able to do? (Almost nothing) ◮ Which Software does he need? (Kali, Metasploit) ◮ Where does he find those hacker tools? (Google) ◮ Examples: MafiaBoy/Stacheldraht, Operation PayBack ◮ the bottom line: Effort and Complexity S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 20 / 22

  21. S ONSTIGES ◮ https://sicherheitstacho.eu Eye Candy ◮ https://cybermap.kaspersky.com/de ◮ https://threatmap.checkpoint.com/ThreatPortal/livemap.html ◮ Honeypots (SLAC2018) ◮ https://www.shodan.io/search?query=webcam S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 21 / 22

  22. ◮ sicherheitsforschung-magdeburg.de ◮ stefan.schumacher@sicherheitsforschung-magdeburg.de ◮ sicherheitsforschung-magdeburg.de/publikationen/journal.html ◮ youtube.de/Sicherheitsforschung ◮ Twitter: 0xKaishakunin ◮ LinkedIn: Stefan Schumacher S TEFAN S CHUMACHER (@0 X K AISHAKUNIN ) P RACTICAL S ECURITY A WARENESS D EEP S EC 2019 22 / 22

Recommend


More recommend