To support this challenge, we applied our 20 years of experience in the security industry to develop Riscure Academy – a training solution designed to build more robust security competence and embed foundational and advanced security knowledge at different levels of your organization, in a scalable and effective way.
The science behind the Riscure Academy
Over the past 2 years, we have been on a mission to deliver security training in a more optimal way, to help organizations drive security forward. We also were forced to innovate due to Covid and a more remote world.
The most important takeaways from our experience are the following:
- ELearning doesn’t work – online learning has many great qualities. It scales very well and allows us to get information in front of a lot of people fast, with a low impact on your organization. But with a training industry standard 6% completion rate and a lack of context, which an experienced trainer usually brings to the table, pure self-directed online training is not something we can fully embrace.
- Classrooms don’t scale – historically, our customers have loved having trainers present in the classroom, and we do still do classroom style training for certain programs. It works great for dealing with the nuances and complexity of hardware security, and we can get a lot done in a few days. But this approach is not very scalable for our trainers nor your organization. Trainees are away for days at a time, and if they leave your organization tomorrow, you’re back to square one with a knowledge gap. Moreover, there is often just too much information and bad coffee in a pressure cooker setting for this to be effective for knowledge transfer and retention.
We also learned a lot from popular learning models and frameworks, like 70-20-10 and Ebbinghaus Forgetting Curve / Spaced Repetition. Applying these pragmatically, we know we need to be actively mentoring during training, offering a lot of interactivity and practice/assignments, as well as spacing out our training over some reasonable amount of time.
So how do we more effectively train large numbers of trainees on security in an ongoing way?
While we do still train in the classroom on occasion or when the material demands it, many of the programs in our portfolio now combine online learning with live (virtual) interaction with our trainers. We incorporate the best of both worlds into the Riscure Academy learning experience platform. Trainees get a seamless and digital learning experience while still being able to interact with experts periodically.
So how does this work?
For our online programs, our blended learning approach combines
- self-paced e-learning on our learning platform, with
- lots of interactivity and practice using embedded simulators and even physical targets, includes
- periodic live mentoring sessions (on Zoom) led by our senior & principal analysts, and adds
- assessments with a certificate for maximum engagement & high completion rates.
We structure this all into a seamless experience for a group of trainees (typically 4-10) who follow the program together. This helps with accountability, a sense of a team effort, and ultimately very high completion rates. The advantage of this is that Riscure can run many programs simultaneously, remotely, and unlike traditional training, they are very effective in transferring knowledge.
Who is our training for?
We offer a variety of programs, from awareness about ISO 21434 aimed at decision-makers, managers, and architects, to fundamental embedded systems security training for anyone, to expert-level training on Designing Secure Bootloaders. We also provide highly practical training on SCA & FI using Riscure Testing Tools specifically.
Trusted Security Training Partner
While we offer a wide portfolio of programs on security training, we understand that needs differ from market to market and customer to customer. There is no easy one size fits all solution. Within the scope of our portfolio, we work with you to develop curriculums of often multiple programs per group or audience type to address a variety of needs.
How do we support you?
Riscure Academy is aimed at providing support to enterprises in a variety of use cases. For example:
- Upskilling technical teams on security, with a blue or red team perspective, enabling them to identify common and recurring security mistakes or develop new products with security built-in from the start;
- Periodic onboarding support for new hires: from zero to hero with the help of Riscure Academy;
- A refresher to enable your team to stay relevant/up to date;
- Bringing management up to speed on the fundamentals of embedded system security;
- Perform a team skill assessment to analyze the skill level of your team and get them up to standard.
- And much much more!
Do you want to know more about Riscure Academy’s new blended approach? Tune in to our on-demand webinar Fast & Curious: the Riscure way.
Take a look into the new learning platform from Riscure Academy in this short demo.