Enhancing Cybersecurity Training: Effective Learning Strategies, Clear Communication, and Demand-Driven Programs
Best practices Effective Learning Strategies, Clear Communication, and Demand-Driven Programs in Cybersecurity Users: Training providers (public) | Training providers (private) | SMEs | Theme: Reskilling and upskilling | Action: Professional training | Beneficiaries: Industry | SMEs | Labour force (employed) | Labour force (unemployed) CYRUSCYRUS Project Enrico Frumento, CEFRIELAlessia Golfetti, Deep Blue In the constantly evolving realm of cybersecurity, the human aspect is crucial yet frequently underestimated. Cybersecurity involves protecting IT systems from threats posed by cybercriminals. These criminals might aim to manipulate systems, steal or export data, or disrupt or alter services. However, what occurs when individuals, rather than IT systems, become the focus of these attacks? Moving from targeting systems to targeting people necessitates a different methodology and a shift in tactics. The CYRUS European project developed personalised cybersecurity training programmes specifically for the manufacturing and transport sectors. The project identified key findings regarding the distinct skill shortfalls and training necessities within these industries. These sectors’ peculiar challenges are not merely technical. There is a strong request of personalised training to enable employees at every level, from the factory floor to the executive suite, to recognise and counter cybersecurity threats effectively. The other need is the decoding of complexity of cybersecurity, which often is more focused on basic skills and personal cyber hygiene. The challenge? Today, we witness an increasing demand for advanced skills and a chronic lack of dedicated time from learners. Due to these challenges, cybersecurity experts and instructors have explored alternative teaching methodologies in cybersecurity training. Cybersecurity is one of the most challenging areas due to the rapidly changing Tactics, Techniques, and Procedures (TTPs) used in cybercrime. Defensive technologies are keeping up with the same speed of change. This challenge is where CYRUS comes in – experimenting with pedagogical methodologies to enhance and make cybersecurity training more efficient. On one hand EU is heavily investing in creating training opportunities, but with a quite often sub-optimal approach. The result is a crowded panorama of training offerings, sometimes overlapping and of hetereogeneous quality. One of the challenges of CYRUS was to create a training catalogue which is clear, multilingual, prepared with modern pedagogical approach and ground based on which are the real pains of the working forces and companies. Our solution Select the proper learning paradigm among pedagogy, andragogy and heutagogy, especially cybersecurity learning: Instructional methodologies are categorised into four macro areas: Non-Interactive Learning, Interactive Learning, Shared Learning, and Evaluation and Monitoring, each tailored to address the unique needs of adult learners. Non-interactive learning methodologies, rooted in traditional pedagogy, emphasise direct instruction and structured content delivery. Interactive Learning methodologies, informed by andragogical principles, prioritise active engagement and collaboration among learners. Shared Learning methodologies, inspired by heutagogical principles, underscore the importance of community, collaboration, and knowledge-sharing. Evaluation and Monitoring methodologies are crucial in assessing learning outcomes and guiding ongoing improvement efforts. Do massive use of instructional design: The instructional design approach for the CYRUS Project reflects a dynamic and adaptive framework rooted in the principles of pedagogy, Andragogy, and heutagogy. Clarity of language: use the ISO 24495-1:2023 on plain language Ad-hoc training: Root your training catalogue on ground truth, which means the actual pains and lack of companies and people. For example, in the CYRUS project, one of the most requested courses was on personal and corporate cyber hygiene, which reflects the fear of most people of wrongdoing and perils in the cyber realm. We started to affect behavioural shifts in cybersecurity from there. Outcomes CYRUS free Courses catalogue: The CYRUS project is ongoing, and the course catalogue will be delivered in April. Chunk courses, choose the best learning paradigm, and keep content simple (i.e., the KISS approach) but effective: The pilot programs, performed between October 2024 and February 2025, helped us identify some interesting challenges and refine the training content. One of the most significant findings is the necessity to present the material in small, interactive chunks (e.g., chunking was preferred over nudging). This approach aligns with current trends in online training in other educational sectors, but less on cybersecurity, where long and complex courses are still the norm. Basic skills are the most requested: There is a greater demand for basic skills that are immediately applicable to everyday work. For instance, the most requested course was on personal and corporate cyber hygiene to protect themselves, their families and loved ones, and the corporation. Key takeaways Explore and Apply New Learning Paradigms: Effective cybersecurity training requires selecting the right approach or combination of approaches—pedagogy, andragogy, or heutagogy—based on the audience. Given that many learners are professionals balancing work and training, programs must be flexible, engaging, and tailored. Additionally, training programs for trainers are essential to ensure effective knowledge transfer. Cybersecurity Training must go beyond technical skills, behavioural shifts are key: Cybersecurity training is a risk reduction method that enhances an organization’s overall security posture. Training should foster a cultural shift where security is seen as a way to improve both personal and professional well-being. Instead of reinforcing a “”toxic culture of error,”” training should make online security natural and stress-free. The Role of Instructional Design: A strong instructional design framework, like the one used in CYRUS, helps create structured, impactful, and adaptive cybersecurity training programs. Clarity in Communication: Using ISO 24495-1:2023 plain language principles ensures that complex cybersecurity concepts are easily understandable, making training more accessible. Demand-Driven Training for Relevance: Cybersecurity training should be rooted in real-world concerns. In the CYRUS project, cyber hygiene training was in high demand, highlighting the importance of addressing learners’ fears and practical needs. This approach increases adoption and drives meaningful behavioral change. Learn more here
Targeted digital skills training for job seekers in Cyprus
Best practices Targeted Digital Skills Training for Job Seekers in Cyprus Users: Training providers (public) | Training providers (private) | Theme: Reskilling and upskilling | Action: Education programmes/courses | Beneficiaries: Industry | SMEs | Learners (STEM background) | Learners (non-STEM background) | Labour force (employed) | Labour force (unemployed) LEVELUPlevelup-skills.eu Dr Celia Hadjichristodoulou Christiana Stylianou Stephani Theophanous The Level Up project supports the upskilling and reskilling of 15,000 business leaders or managers, SME professionals and job seekers in advanced digital skills. It provides industry-relevant, short training courses across Cyprus, Germany, Greece, Italy, Finland, Hungary, and Poland. The business model of such courses is built around practicality, relevance, and wide accessibility, but also requires high engagement rates and meaningful career impact, to ensure they are sustainable in the long run. The challenge? GX set out to train 1,510 people in digital skills from the project’s target audience. However, reaching the final target required a differentiated approach, as the project operated in a competing digital skills training landscape. The main challenge was ensuring high engagement and meaningful participation, despite numerous competing free and paid online training programs. Simply offering digital skills courses was not enough—they needed to be distinctive, highly practical, and directly relevant to participant needs. As revealed through a detailed needs assessment conducted by GX and the Careers Office of one of Cyprus’ largest universities, some of the major barriers to effective digital upskilling included: Existing digital skills training was too broad and lacked practical, industry-specific applications. Many available courses were not offered in Greek, making them less accessible to local professionals and SMEs. Job seekers and SME employees/owners strongly demanded specialised training in AI applications, digital marketing strategies, and no-code development tools. Our solution To address these challenges, Level Up conducted an initial assessment of digital skills gaps within SMEs, identifying thematic areas with the most urgent need for specialised training, i.e. data analytics, social media marketing, advanced Excel, cybersecurity, and Artificial Intelligence (AI), among others. Those thematic areas informed the design of targeted training courses, ensuring alignment with real-world industry demands. The project also incorporated a hybrid learning model, combining online and in-person instruction to maximise accessibility. GX proceeded with launching three targeted digital skills courses, delivered online via Zoom, focusing on: AI fundamentals TikTok marketing for SMEs Website development using no-code tools Outcomes 400 Registrations per session 150 Active participants per session 60 Asynchronous learners watched the course recordings By mid-2024, GX had already trained approximately 800 participants in various digital skills topics, laying the groundwork for the final Phase 2 of the training initiative. By early 2025, with the above high-demand courses and in combination with some additional courses on topics related to PowerBI and Advanced Excel, GX had successfully trained over 1,500 participants, surpassing the project’s initial goal. Feedback from the course evaluation survey indicated that many participants from the three high-demand courses found the training highly relevant and aligned with their needs. This reinforced the importance of specialised and practical digital training, ensuring that courses addressed real-world applications and industry demands. Building on this success, additional seminar-based courses were introduced for various age groups, to ensure continuous learning opportunities and keep up with emerging digital trends. As a VET provider, GX utilised its expertise to expand its course offerings, maintaining relevance and adaptability in digital skills training. In addition, the high engagement rates encouraged new collaborations with instructors from the Level Up project, strengthening the impact and outreach of digital upskilling efforts and allowing for the further development of new training initiatives through organisations like the Human Resource Development Authority of Cyprus (HRDA). Key takeaways Embrace continuous adaptation of digital skills training to reflect emerging trends and participant feedback. Develop and update courses iteratively, based on real-time engagement metrics and evaluations, enhances the long-term impact and sustainability of training initiatives. Collaborate with universities, industry experts, and experienced trainers to improve course quality and expand outreach, ensuring higher participation across diverse demographics. Design modular courses with focus on scalability and adaptability to diverse audiences. Customisation and localisation are essential for advancing engagement, inclusivity, and sustainable digital skills development. Learn more here