This article was originally published on not your CISO on Medium. Read the full post →
During the last semester (Spring 2024) of my Master of Engineering in Cybersecurity at the University of Maryland, College Park, I joined the Innovation Fellowship cohort at the Academy for Innovation and Entrepreneurship. The project: apply design thinking to security awareness training.
Security awareness training has a reputation problem. Compliance teams love it. Employees hate it. And the data on whether it actually changes behaviour is, at best, mixed. The question I started with was: what would security awareness training look like if you designed it the way a product designer would — starting with the user, not the policy?
This post is a walkthrough of that process.