Enhancing Cybersecurity Training: Effective Learning Strategies, Clear Communication, and Demand-Driven Programs

Best practices: Effective Learning Strategies, Clear Communication, and Demand-Driven Programs in Cybersecurity

Users: Training providers (public) | Training providers (private) | SMEs
Theme: Reskilling and upskilling
Action: Professional training
Beneficiaries: Industry | SMEs | Labour force (employed) | Labour force (unemployed)

CYRUS Project
Enrico Frumento, CEFRIEL
Alessia Golfetti, Deep Blue

In the constantly evolving realm of cybersecurity, the human aspect is crucial yet frequently underestimated. Cybersecurity involves protecting IT systems from threats posed by cybercriminals. These criminals might aim to manipulate systems, steal or export data, or disrupt or alter services. However, what occurs when individuals, rather than IT systems, become the focus of these attacks? Moving from targeting systems to targeting people necessitates a different methodology and a shift in tactics.

The CYRUS European project developed personalised cybersecurity training programmes specifically for the manufacturing and transport sectors. The project identified key findings regarding the distinct skill shortfalls and training necessities within these industries. The particular challenges of these sectors are not merely technical. There is strong demand for personalised training that enables employees at every level, from the factory floor to the executive suite, to recognise and counter cybersecurity threats effectively. The other need is to decode the complexity of cybersecurity, a need that is often focused more on basic skills and personal cyber hygiene.

The challenge?

Today, we witness an increasing demand for advanced skills and a chronic lack of dedicated time from learners. Due to these challenges, cybersecurity experts and instructors have explored alternative teaching methodologies in cybersecurity training. Cybersecurity is one of the most challenging areas due to the rapidly changing Tactics, Techniques, and Procedures (TTPs) used in cybercrime.
Defensive technologies are keeping up at the same speed of change. This challenge is where CYRUS comes in, experimenting with pedagogical methodologies to enhance cybersecurity training and make it more efficient.

On the one hand, the EU is investing heavily in creating training opportunities, but quite often with a sub-optimal approach. The result is a crowded landscape of training offerings, sometimes overlapping and of heterogeneous quality. One of the challenges of CYRUS was to create a training catalogue that is clear, multilingual, prepared with a modern pedagogical approach, and grounded in the real pain points of the workforce and companies.

Our solution

Select the proper learning paradigm among pedagogy, andragogy and heutagogy, especially for cybersecurity learning: Instructional methodologies are categorised into four macro areas: Non-Interactive Learning, Interactive Learning, Shared Learning, and Evaluation and Monitoring, each tailored to address the unique needs of adult learners. Non-Interactive Learning methodologies, rooted in traditional pedagogy, emphasise direct instruction and structured content delivery. Interactive Learning methodologies, informed by andragogical principles, prioritise active engagement and collaboration among learners. Shared Learning methodologies, inspired by heutagogical principles, underscore the importance of community, collaboration, and knowledge-sharing. Evaluation and Monitoring methodologies are crucial in assessing learning outcomes and guiding ongoing improvement efforts.

Make extensive use of instructional design: The instructional design approach for the CYRUS Project reflects a dynamic and adaptive framework rooted in the principles of pedagogy, andragogy, and heutagogy.

Clarity of language: Use ISO 24495-1:2023 on plain language.

Ad-hoc training: Root your training catalogue in ground truth, meaning the actual pain points and gaps of companies and people.
For example, in the CYRUS project, one of the most requested courses was on personal and corporate cyber hygiene, which reflects most people's fear of wrongdoing and of perils in the cyber realm. We started to effect behavioural shifts in cybersecurity from there.

Outcomes

CYRUS free courses catalogue: The CYRUS project is ongoing, and the course catalogue will be delivered in April.

Chunk courses, choose the best learning paradigm, and keep content simple (i.e., the KISS approach) but effective: The pilot programs, performed between October 2024 and February 2025, helped us identify some interesting challenges and refine the training content. One of the most significant findings is the necessity to present the material in small, interactive chunks (e.g., chunking was preferred over nudging). This approach aligns with current trends in online training in other educational sectors, but less so in cybersecurity, where long and complex courses are still the norm.

Basic skills are the most requested: There is a greater demand for basic skills that are immediately applicable to everyday work. For instance, the most requested course was on personal and corporate cyber hygiene, which learners wanted in order to protect themselves, their families and loved ones, and the corporation.

Key takeaways

Explore and Apply New Learning Paradigms: Effective cybersecurity training requires selecting the right approach or combination of approaches (pedagogy, andragogy, or heutagogy) based on the audience. Given that many learners are professionals balancing work and training, programs must be flexible, engaging, and tailored. Additionally, training programs for trainers are essential to ensure effective knowledge transfer.

Cybersecurity training must go beyond technical skills; behavioural shifts are key: Cybersecurity training is a risk reduction method that enhances an organization’s overall security posture.
Training should foster a cultural shift where security is seen as a way to improve both personal and professional well-being. Instead of reinforcing a “toxic culture of error,” training should make online security natural and stress-free.

The Role of Instructional Design: A strong instructional design framework, like the one used in CYRUS, helps create structured, impactful, and adaptive cybersecurity training programs.

Clarity in Communication: Using ISO 24495-1:2023 plain language principles ensures that complex cybersecurity concepts are easily understandable, making training more accessible.

Demand-Driven Training for Relevance: Cybersecurity training should be rooted in real-world concerns. In the CYRUS project, cyber hygiene training was in high demand, highlighting the importance of addressing learners’ fears and practical needs. This approach increases adoption and drives meaningful behavioral change.