Much has been made about the\u00a0cybersecurity skills gap, and for good reason. There is a scarcity of cybersecurity professionals worldwide, which makes networks and those who depend on them\u2014which is almost everyone\u2014less safe. This is compounded by the fact that humans continue to be the weakest link in an organization\u2019s cybersecurity posture. There is an insufficient number of professionals to keep networks secure, and there is a general lack of cybersecurity awareness by employees making basic mistakes that create greater cyber risk.Clearly, employees need consistent,\u00a0high-quality training\u00a0on basic cybersecurity and cyber-awareness. One barrier, though, is that in today\u2019s machine-speed business environment, it is difficult to break away from daily tasks to take part in traditional live or online training initiatives that require long blocks of time. Organizations need a new training paradigm that delivers appropriate content without disrupting business.The Benefits of Non-Traditional TrainingThe traditional view of training is of people sitting in a classroom for several hours or days with an instructor or facilitator at the front of the room. Or of sitting in front of a computer working through many modules of a self-pace training course. While these methods of training can be quite effective, the field of training and education has evolved considerably over the last several years.There are many forms of less traditional training methods that have proven to be very effective and can address challenges CISOs are facing in building a truly cyber aware workforce. Implementing many of these non-traditional techniques means that employees are away from their workplace far less (in some cases not at all) and transforms the learning experience from an isolated event where the learner \u201cconsumes training content\u201d toa culture of continuous learning where employees are \u201cactive participants\u201d in a more informal, social, interest-driven learning process.There are many scientific benefits to some non-traditional training techniques such as reduction of cognitive load leaving learners feeling more engaged and increasing the levels of information retention. The scientific benefits are beyond the scope of this post, but there is no shortage of scientific data available to anyone online. Examples of non-traditional training techniques include:Job Aids:\u00a0As stated above, training doesn\u2019t always need to be employees sitting in a classroom. There are many times when employees need to perform tasks that are exceptions to their day-to-day routine and that can be quite complicated and unfamiliar. Often these tasks can be learned far more effectively through the use of job aids. A good example of this is when an employee receives an email that could be malicious. Rather than wading through a large training manual or trying to remember the specific characteristics of malicious emails that were discussed in a previous class, an employee can reach for a job aid. This type of job aid could be as simple as a two-sided laminated sheet with one side describing the characteristics of various malicious emails and the other side with simple flow charts of what to do. This is essentially \u2018Just-in-Time\u2019 learning that will soon become second nature to the employee.Microlearning:\u00a0Microlearning is a general concept of providing relatively small chunks of learning to participants where and when it is appropriate. Microlearning content can be delivered in a variety of ways ranging from modern learning management systems (LMS) that push microlearning content to users. Or it can be through less formal means such as quizzes integrated into regular news letters or informal activities. Microlearning is an ongoing trend that meets the particular needs of today\u2019s fast-moving organizations and their employees. \u00a0While it is a general concept that applies to a number of techniques, Microlearning is best suited for skills-based learning which is quite applicable to cybersecurity skills and awareness. With the landscape changing so often, microlearning can be delivered regularly to reinforce security topics and required skills, increasing the odds of retention and compliance.Gamification: Gamification is a technique using elements comprised of video game design in learning environments. The goal of gamification is to engage learners through familiar fun activities and in some cases create a competitive and or social environment. By gaining points, elevating their status level, getting to the top of a leaderboard or one of many other gaming techniques, users are inspired to continue learning. Gamification of learning can be implemented in a number of ways and to a number of degrees. It can be as simple as awarding points as people participate in ongoing microlearning activities, or more complex live in-person \u201ccapture-the-flag\u201d competitions. From a cybersecurity awareness perspective, gamification of learning could be implemented in conjunction with MIS teams sending out simulated phishing attacks and awarding points to employees who avoid the attacks and can identify various characteristics. The Fortinet XPerts Academy event in Latin America is a good example of gamification being used in a much more extensive manner to create excitement and engagement before a training event even starts. Take a look at the\u00a0challenge video\u00a0sent to registered participants.\u00a0\u00a0\u00a0Digital Badging:\u00a0Digital badges are defined as \u201ca validated symbol or indicator of an accomplishment, skill, quality or interest\u201d. While not a training technique itself, digital badging can be a great tool to motivate behavior and engage learners by recognizing achievement. Digital badging can also be used as a mechanism to communicate a person\u2019s status or membership within a community. In fact, digital badging is quickly becoming an alternative to traditional technical certification designations that often require significant time and financial investment by individuals. In 2011 the whitepaper \u201cAn Open Badge System Framework\u201d by Peer 2 Peer University and The Mozilla Foundation became the catalyst for what has become an effective network of open digital badging systems that allow individuals to share their badges broadly across the internet with peers, credentialing bodies, potential employers and others. This can be a great enabler for CISOs and HR departments wanting to assess skills and knowledge of potential new hires into an organization. It can also be a great tool for internal compliance teams to easily measure and report on critical cybersecurity awareness of the general employee population.\u00a0Awareness Campaigns: While not as technological as gamification or digital badging, an often overlooked method of training is leveraging existing awareness campaigns. These campaigns can be focused specifically on a training initiative such as cybersecurity awareness, or could be larger campaigns that are well aligned with your learning objectives \u2013 such as Cybersecurity Awareness Month. They can be internal campaigns or external campaigns that typically provide a significant number of resources and support. The Association for Talent Development for example promotes an\u00a0Employee Learning Week\u00a0each year, citing a growing skills gap and the need to remain competitive in today\u2019s global economy. An industry awareness campaign like this can be a great vehicle to launch or expand a cybersecurity awareness campaign.Developing a Cyber Aware WorkforceNo matter which training formats you choose, you will need solid cybersecurity information to convey. Below are some best practices that should be included in every training initiative aimed at creating a Cyber-Aware Workforce.Overhaul your passwordsFor now, passwords remain a necessary evil. Because we have so many online accounts, it\u2019s too hard to remember that many different passwords. So, we tend to use the same password for all of them.Instead, try one of these options. Use a password vault that stores the username and password for each account, so all you have to remember is the single password for that application, and it takes care of the rest. Or create a tier of applications and then create more complex passwords to remember for each group. One set for sites like social media, another for places you pay your bills and another for your bank.Two-factor authentication is an additional option, requiring you to enter a password and then validate that login using some other form of authentication, such as entering a code sent to your mobile device. This significantly increases the security of your accounts and data.Become email and web scam-savvyNever open an email or click on an attachment from someone you don\u2019t know \u2013 especially when it includes an enticing subject line, such as a cash reward or a bill for something you didn\u2019t purchase. In addition, know that compromised accounts are regularly used to send malware to individuals in their contact list because recipients are far more likely to open those emails and attachments. If an email message from someone you know seems strange or out of character, check with them first before you open it.Don\u2019t click on links in advertisements sent to your email or posted on websites unless you check them first. Does the website look professional? Are there lots of popups? Is there bad grammar or misspelled words?\u00a0If you hover your mouse over a link, you should be able to see the real URL.\u00a0Does it replace letters with numbers, or is it unusually long? If so, don\u2019t click on it.Check your Wi-FiPublic Wi-Fi access points are not always safe. Hackers can connect to a public access point and then broadcast themselves as that access point, which means they can intercept all data between you and your online shopping site, bank, home security system and so on.\u00a0It\u2019s often hard to tell a good access point from a bad one. Ask an establishment for the name of its Wi-Fi SSID before you connect. And consider installing VPN software on your device so you can make a secure, encrypted connection to a known service.Defend against viruses and malwareFind industry- and consumer-recognized anti-malware software, keep it updated and run it regularly. For more advanced users with a laptop or desktop, also consider maintaining a clean virtual machine on your device that you can switch to for your more security-sensitive browsing or to perform online transactions where security is paramount.Update your devicesHackers are highly adept at targeting vulnerabilities that are already well known but which are not being protected against. The developers of your devices, as well as the apps you run on them, all issue regular security updates to protect you from known threats. Download and run these updates as soon as they become available.A Continuous Training and Education CultureCybersecurity remains a primary concern for all organizations, and cybersecurity awareness training needs to be part of any successful strategy to keep networks and data safe. The BYOD, work-anywhere culture increases risk, but it also provides greater opportunity to train employees on good cybersecurity practices using a variety of non-traditional training techniques. By evolving your organization\u2019s training strategy to include a variety of non-traditional techniques for your cybersecurity needs, you have the potential to do more than build a Cyber-Aware Workforce, you have the potential to change the overall learning culture of your organization and become a true\u00a0Learning Organization.\u00a0\u00a0Learn more about Fortinet\u2019s\u00a0NSE Institute\u00a0programs, including the\u00a0Network Security Expert program,\u00a0Network Security Academy program\u00a0and\u00a0FortiVets program.