While selecting information security training for employees, it is essential to balance the quality with affordability, making sure that the right training is provided at a reasonable cost. Organizations can find practical cost-effective training for their employees via the numerous sources listed below:
1. Online security training platforms (KnowBe4, Cybrary, SANS)
2. Free or low-cost resources (US Federal Trade Commission’s data safety and consumer privacy guidelines, Google phishing quiz, StaySafeOnline by National Cybersecurity Alliance)
3. Internal Training/ Knowledge Transfer (delivered via in-house security experts)
4. Government and Non-profit sources (Cybersecurity and Infrastructure Security Agency, National Institute of Standards and Technology, Open Web Application Security Project)
5. Paid Learning Platforms (Udemy, LinkedIn Learning, Coursera)
6. Phishing Simulation Tools (PhishMe, a paid product, and Gophish, which is an open-source tool)
7. Industry Conferences and Webinars which are free to join upon registration.
Practical cost-effective training is dependent on the budget the organization is willing to spend on security training. For some organizations, it may be cost-effective to develop an in-house program, consisting of presentations created by the organization’s security employees. Organizations with a higher budget could also consult outside organizations, who specialize in developing and administering security training programs. These organizations may also find it beneficial to use behavioral management tools advocated by the Vacca reading. These tools consist of ThreatSIM by Wombat Security, PhishMe, or any other highly rated Learning Management Systems.
Organizations seeking practical and cost-effective cybersecurity training for employees have to consider quality as well as affordability of programs. Online learning platforms like Coursera, Udemy, and LinkedIn Learning offer a range of cybersecurity courses at affordable prices, ideal for both general staff and technical professionals. Platforms like Cybrary and Infosec Institute provide cybersecurity-specific training with free basic courses and subscription-based advanced content, while SANS Security Awareness is renowned for high-quality, enterprise-level training solutions. Subscription-based services such as KnowBe4 provide automated training and phishing simulations that help organizations reinforce cybersecurity awareness cost-effectively. Additionally, leveraging in-house expertise for internal workshops and promoting peer-led learning through security champions can be a low-cost way to develop a security focussed mindset. For technical staff, certifications like CompTIA Security+ or (ISC)² Certified in Cybersecurity offer affordable ways to upskill. By combining these diverse resources, organizations can ensure comprehensive and budget-friendly cybersecurity education for their workforce.
To identify the most suitable option, upper management should first determine the budget they are willing to allocate. It’s essential for organizations to align their security training programs with their long-term goals and mission. For some companies with medium to low budget, finding online resources may be the most effective solution. For example, the SANS Institute offers both in-person and online cybersecurity courses that can benefit organizations. Additionally, tools like ThreatSIM by Wombat Security are a useful resource too.
Justin Chen says
There are several options that are more practical and cost-effective if the company couldn’t afford to develop a SETA program. There are many frameworks, best practices and guidelines on the internet that are cheap or even free. Frameworks such as NIST frameworks and SANS are both great materials that talk about awareness, basic and advanced security knowledge that are critical for the organization. Agencies that specialize in facilitating security awareness can also be fantastic platforms for employees or management to learn and practice, for example, ISACA offers webinars, certifications, and awareness courses for people to choose and leverage for their needs.
Besides materials, companies can also choose to invest in having their important leadership or positions in the organization acquire professional certifications such as CISA, CISSP… and so on, to help the company create an environment that is more aware in terms of security.
Haozhe Zhang says
Hey Justin,
Your suggestions offer practical and budget-friendly alternatives for companies that might not have the resources to develop a full-fledged SETA program. Utilizing freely available frameworks like NIST and SANS, and using platforms such as ISACA for security awareness training, is a great strategy. One question I have is: How would you prioritize which employees or leadership positions should pursue certifications like CISA or CISSP, and how would you ensure they effectively share that knowledge with the rest of the organization?
Clement Tetteh Kpakpah says
1. Online Resources
This tends to be the cheapest but resourceful source of practical training for employees. It is the cheapest and most practical option because some do provide virtual labs for practice and tests as and when needed and saves firms a lot of money if the same training is organized in person.
2. Industry Partnerships
Collaborating with security education-centered entities such as departments of universities or security organizations that are ready and willing to provide security education at no or minimum cost will be a good option.
3. Materials from Open Source
Some organizations provide helpful materials relevant to security training and these materials should be accessed at little or no cost which should be a practical and cost-effective way to train employees who can easily understand such materials.
4. Development in-house
It is a great idea and a practical cost-effective approach to also make use of knowledgeable staff within a firm to provide the needed security training.
Charles Lemon says
Hey Clement,
I agree with the categories you have laid out here. My post also included developing training in-house, industry partnerships, and online resources. One thing I did not include was open-source materials. This could be a very beneficial idea for an organization looking to be cost effective. Obviously, the materials would need to be vetted by subject matter experts within the organization, but there is definitely a wealth of available information for the public to utilize in security training programs. Are there any key documents you could recommend an organization to use that are available open source?
Charles
Clement Tetteh Kpakpah says
Hi Charles,
Sure, there are key documents such as the NIST Special Publication 800-50, SANS Security Awareness Planning Toolkit, CIS Controls, ISSA Security Awareness Program Toolkit and many other documents that are available on open source and can be used by firms.
Lily Li says
Cost-effective training will vary from organization to organization; to find cost-effective training, upper management should decide on the budget that they are willing to implement towards security awareness training. Organizations should also take into consideration how security awareness training programs align with their long-term goals and missions. Organizations can then decide on the medium that is the most effective to them, whether that’s classroom-style training, security awareness websites and promotions. Helpful hints and visual aids can also prove helpful, acting as a supplement. SANS also provides cyber security training courses that can be beneficial to organizations, with both in-person and online courses. Behavioral management tools such as ThreatSIM by Wombat Security, PhishMe, or other Learning Management Systems (LMS) are also cost-effective SETA programs that organizations can implement.
Aaroush Bhanot says
Hi Lily,
I think this is a solid overview of how organizations can approach cost-effective security awareness training. One key element that could be emphasized further is the importance of tailoring training to different employee roles (RBAC) and risk levels within the organization. Also, when deciding on cost-effective solutions, it’s worth considering open-source or free resources in addition to paid options. Platforms like CISA or other government resources offer free training modules that can be supplemented with more specialized paid courses, like those offered by SANS. This hybrid approach could help organizations with tighter budgets. How will the organization assess the ROI of these programs over time? Would you suggest integrating key performance indicators (KPIs) or metrics for measuring both cost-effectiveness and training impact?
Steven Lin says
Such pragmatic and affordable training could start by focusing on online platforms and offering extensive training courses on cybersecurity concerns at reasonable prices. Websites like Udemy, Coursera, and LinkedIn Learning offer employee security awareness training with flexible learning options. Most courses in those portals could cover general topics like phishing, password security, and social engineering and would be quite suitable for general staff training.
Worth mentioning are more specialized contents from SANS Institute Security Awareness Training and/or the course CEH from EC-Council. Both will be substantially more expensive, but SANS has enterprise packages which generally will be more reasonably priced for groups of employees. In case the budget is low, CISA offers free training and materials to any organization around the world; StaySafeOnline.org of the National Cyber Security Alliance also has free awareness materials to be included in internal programs.
Daniel Akoto-Bamfo says
Steven Lin,
Great work with your write-up and outlining cost-effective training options for an organization. What will be the quality of learning outcomes for employees between the general online training program like Coursera and the specialized training program like SANS?
Daniel Akoto-Bamfo says
There are various ways by which an organization can find practical cost-effective training for its employees.
Online Resource Platforms
An organization can get free online resources from online platforms like YouTube, edX, Duolingo, LinkedIn Learning, GitHub, etc., which will provide it with a variety of formats of information such as animation content, movies, text, documentaries, and self-paced learning courses.
Industry-Related Resource
Industry-related material is another perfect way in which an organization can continue to get cost-effective practical training resources. The cybersecurity industry does have an equivalent industrial resource such as ISACA, which is an example of how low-cost distribution of training through publications and certification can work. NIST framework or ISO 27001 security framework is also a resource that is available for cost-effective training.
Internal Expertise
One option available to an organization to train its employees is through existing internal expertise, which is cost-effective. This can be achieved through informal meetings in which expert employees will share their experience (whether we are talking about experiences with customers or the company internally) or at more organized formal workshops, seminars, or webinars. The organization can introduce mentorship programs where new employees will be supported and guided by experienced hands in the performance of their duties.
Haozhe Zhang says
Hey Daniel,
You’ve presented some excellent options for cost-effective employee training, ranging from online platforms like YouTube and LinkedIn Learning to industry-specific resources such as ISACA, NIST, and ISO frameworks. Utilizing internal expertise through mentorship and organized workshops is also a smart way.
Parth Tyagi says
Great elaboration there, Daniel! I think infosec training and awareness materials/training sessions should be an investment-worthy industry in the coming times. Considering the emerging technologies and concerns regarding information sharing and safeguarding, I think there are people who are doing this for a living! What do you think?
Sara Sawant says
For cost-effective employee training we can consider:
1) Online Platforms: Udemy, Coursera, LinkedIn Learning.
2) Government Resources: NIST guidelines, free training.
3) Industry Groups: SANS, (ISC)² webinars, workshops.
4) Internal Training: In-house sessions using internal experts.
5) Webinars: Free or low-cost online sessions.
Steven Lin says
Sara, you have explained a wide range of affordable training options. Indeed, Udemy and Coursera are models of the available training for general staff at low costs. Your remark on government resources such as NIST is right on the mark and often just overlooked for free high-quality materials. I’d want to emphasize that the use of internal experts, as one pointed out, saves costs but ensures this training is relevant to the particular needs of the organization. These are altogether the key avenues that provide flexibility and practicality.
Rohith says
Organizations can find a variety of ways for cost-effective employee training:
1.) Industry-Specific Associations: These associations often offer training and certifications relevant to their specific fields.
2.) Leverage online learning platforms: YouTube, Coursera, Udemy.
3.) Organizations can reach out to a training agency or use training agency videos.
4.) Meetings, discussions, webinars and staying updated with the latest news of the topics.
5.) EC-Council provides comprehensive training programs, both online and in-person, to help individuals and organizations enhance their cybersecurity knowledge and skills.
By carefully evaluating these options, organizations can find practical and affordable training that meets their employees’ needs and contributes to their overall development.
Parth Tyagi says
Hi Rohith,
Just read your take on this matter. Do you think that large organizations should also incorporate some of the free training and awareness materials available through online websites, forums and communities? It could be useful for basic learning, training drills etc. What do you think?
Lili Zhang says
I recommend that organizations find practical, cost-effective training for employees through the following sources:
1) Online Learning Platforms: Websites like Coursera, Udemy, and LinkedIn Learning offer a variety of affordable courses on information security topics, allowing employees to learn at their own pace.
2) Industry Associations: Organizations such as SANS Institute and (ISC)² provide specialized training and certifications that can be beneficial for employees in technical roles. They often offer webinars and workshops that may be more affordable than full courses.
3) Open Educational Resources: Institutions like MIT and Harvard offer free online courses through platforms like edX.
4) Webinars and Conferences: Attending industry webinars and conferences can provide valuable insights and training at little or no cost, often covering current threats and best practices.
Elias Johnston says
Hi Lili,
You mentioned a lot of alternatives that I didn’t consider in my post. I really enjoyed your suggestion of LinkedIn Learning. I have taken some of their classes and I found the information to be easily digestible. You also mentioned the MIT and Harvard free courses. I didn’t realize they offered courses on information security, but I have to assume that is some of the best cost-effective training an organization can give to their employees. Those were very creative suggestions and I would definitely recommend them to anyone looking to instill good security practices in their organization!
Sarah Maher says
Organizations can use publicly available standardizations like NIST or SANS. Despite being modeled for federal agencies, the information can be interpreted and applied to any organization. Depending on the size and budget of the organization, they could use external online/agency training programs already created. Organizations can also supplement their own training programs with tools like ThreatSIM and PhishMe to understand the vulnerabilities in their organization.
Sara Sawant says
Hi Sarah,
I agree, utilizing standard frameworks like NIST and SANS can help ensure comprehensive coverage of security topics. Incorporating tools like ThreatSIM and PhishMe can also provide hands-on learning experiences for employees. Do you think customizing these training programs based on industry-specific threats would further enhance their effectiveness?
Charles Lemon says
Finding cost effective training will depend on the needs of the organization and their training budget. Once the type of training the organization needs is identified and their training budget is allocated, they can begin looking for cost effective training methods. Professional organizations such as ISACA and SANS may offer discounts on training for current members. One method of training that is cost effective is identifying a key individual and sending that person to a specialized external training program. That individual can then return to the organization and act as the internal trainer within their organization. Much of a SETA program can also be developed within the organization itself and taught by specialized personnel. Vacca Chapter 33 also suggests behavior management tools such as ThreatSIM by Wombat Security. Behavior management tools can be very cost effective because they allow an organization to tailor their training to key areas of concern. For example, an organization could use ThreatSIM to craft fake phishing emails that can be customized by an organization’s department or industry. This platform would allow an organization to be very deliberate and cost effective in the type of training they choose for their employees.
Lily Li says
Hi Charles,
Sending out a key individual to a specialized training program is a great idea; not only is it cost-effective, but it can also build a culture of learning and teamwork within the organization. To add to your idea, I think it will be beneficial for an organization to purchase online resources that allow for security awareness across all levels. How might an organization determine who might be the best fit to send to a specialized external training program?
Yash Mane says
Organizations looking for reasonably priced security training might utilize low-cost courses available on websites such as Cybrary, Coursera, or edX. Free materials from government websites such as NIST and CISA provide helpful rules and toolboxes. These choices let companies, especially the smaller ones, get the required training without having to invest much.
Companies may also take advantage of internal resources by having IT professionals provide seminars or security instruction. Affordable security awareness and phishing simulation tools abound on sites like KnowBe4 and Infosec IQ. Combining these outside systems with internal training can help companies very much.
Parth Tyagi says
While selecting information security training for employees, it is essential to balance quality with affordability, making sure that the right training is provided at a reasonable cost. Organizations can find practical, cost-effective training for their employees via the numerous sources listed below:
1. Online security training platforms (KnowBe4, Cybrary, SANS)
2. Free or low-cost resources (US Federal Trade Commission’s data safety and consumer privacy guidelines, Google phishing quiz, StaySafeOnline by the National Cybersecurity Alliance)
3. Internal Training/ Knowledge Transfer (delivered via in-house security experts)
4. Government and Non-profit sources (Cybersecurity and Infrastructure Security Agency, National Institute of Standards and Technology, Open Web Application Security Project)
5. Paid Learning Platforms (Udemy, LinkedIn Learning, Coursera)
6. Phishing Simulation Tools (PhishMe, a paid product, and Gophish, which is an open-source tool)
7. Industry Conferences and Webinars which are free to join upon registration.
Elias Johnston says
Practical cost-effective training is dependent on the budget the organization is willing to spend on security training. For some organizations, it may be cost-effective to develop an in-house program, consisting of presentations created by the organization’s security employees. Organizations with a higher budget could also consult outside organizations that specialize in developing and administering security training programs. These organizations may also find it beneficial to use behavioral management tools advocated by the Vacca reading. These tools consist of ThreatSIM by Wombat Security, PhishMe, or any other highly rated Learning Management Systems.
Aaroush Bhanot says
Organizations seeking practical and cost-effective cybersecurity training for employees have to consider the quality as well as the affordability of programs. Online learning platforms like Coursera, Udemy, and LinkedIn Learning offer a range of cybersecurity courses at affordable prices, ideal for both general staff and technical professionals. Platforms like Cybrary and Infosec Institute provide cybersecurity-specific training with free basic courses and subscription-based advanced content, while SANS Security Awareness is renowned for high-quality, enterprise-level training solutions. Subscription-based services such as KnowBe4 provide automated training and phishing simulations that help organizations reinforce cybersecurity awareness cost-effectively. Additionally, leveraging in-house expertise for internal workshops and promoting peer-led learning through security champions can be a low-cost way to develop a security-focused mindset. For technical staff, certifications like CompTIA Security+ or (ISC)² Certified in Cybersecurity offer affordable ways to upskill. By combining these diverse resources, organizations can ensure comprehensive and budget-friendly cybersecurity education for their workforce.
Haozhe Zhang says
To identify the most suitable option, upper management should first determine the budget they are willing to allocate. It’s essential for organizations to align their security training programs with their long-term goals and mission. For some companies with a medium to low budget, finding online resources may be the most effective solution. For example, the SANS Institute offers both in-person and online cybersecurity courses that can benefit organizations. Additionally, tools like ThreatSIM by Wombat Security are a useful resource too.