From Infodump to Transformation: Re-imagining Digital Security Training

All right. And I'll have you bring your thoughts to a close. And I'll finally introduce myself. My name is Isabelle. I use they or she pronouns. And I want to tell you the story of how I got here. My background is in public health education. I started off doing HIV prevention work and then rapidly shifted into intimate partner violence primary prevention education. So I focused a lot on how to keep really bad lifealtering things from happening to other people. When I applied to do this talk, I realized like, oh my god, I have actually trained thousands of people over the course of my life. And it kind of blew my mind, but that's a that's a

digression. I worked in nonprofit for about 15 years, and to be honest, nonprofit straight up did not pay the bills. My first job paid me less than $12,000 a year. Not lying. And so literally to pay my bills, I moonlit as a model and I started learning cyber security tactics and privacy tactics in order to protect myself. I was constantly putting myself into vulnerable vulnerable situations and I was worried and I was also living this double life. Right? In my day job, I might be working with children at my night job. Yeah. So, I built this security mindset out of this understanding of just how easy it is for someone to take your data and ruin your entire life.

In my day job, I was often the technical person, the unofficial tech person on staff. I would bring computers back from the dead. I was an Excel an Excel spreadsheet queen. Um, I was the person who was like, "Well, why doesn't the Wi-Fi work? What if I poke it?" Um, and in spite of all of this, in spite of all the tactics I was learning and I was also supporting survivors with, I didn't see myself as a technical person. And in 2020, that changed for me. I attended a workshop put on by uh members of the hacking hustling collective and uh some folks from the electronic frontier foundation and it magic happened. Um EFF and Hacking

Hustling did one thing that I thought I think is they still do this like pretty cool which is they put the ed their education their technical education into context. So, back in 2020, I was learning about encryption and how does encryption work, but within the context of the uh lawful access to encrypted data act. I don't know if anybody here remembers that. It's fortunately dead now, I think, but it was all about like our government wanting to put back doors in. Um, and so I was learning this stuff within the context of understanding how it would impact me, how it would impact the people that I worked with and everybody that I cared about. And that was really

important. It lit this fire in me in that workshop. I think it's also worth mentioning that for the first time I was learning technical things from other women and queer people. So I left that workshop with two understandings starting to bloom within me. one that I was smart enough to understand everything they were talking about. And that was the first time that it happened to me. And two, I was starting to understand that technology was power and that it was power that I could take hold of, that power that I could help my communities take hold of, that we could use to protect each other. And so within a month of attending that training, I was building cyber security guides for

activists. I was trying to get people off of um using like Instagram and Snapchat to organize. Um I was learning about mesh networking. I uh started learning how to code and my world just opened. Six years later, I am now a uh I have a small security and privacy consultancy. I am a volunteer and an organizer with techies for reproductive justice. You can look us up. We do cool stuff. Um and we're still recruiting. Um and then I also work for a cyber security and IT company. Um, I'm here I should say as myself. Uh, I do I'm not representing my employer. Um, and also if my employer if you're watching this, this is not at

you. Um, I started designing this talk long before I worked for you. Um, in all of the roles that I now hold, I work with lay people. I help them understand technology. I help them apply it to their lives. and we figure out how things work together. I do a lot of education, a whole lot one-on-one. I lead trainings. I do PowerPoint free workshops, um, which is really great. Part of me hates that I'm using PowerPoint right now, but so this topic is really important to me. Um, when I'm out there working with folks, I'm seeing a lot of people right now who are scared. And why shouldn't they be when there's all this stuff happening

when they are are bombarded with this information? On the bright side, folks are starting to gain an awareness of, oh, I have data. My data exists and it can be used to harm me, right? So that's great. There's also a lot of folks who are stepping up to fill this need that is arising within our communities. I think that's awesome. I want to encourage that. And I see a lot of folks who are going out into their communities to teach about cyber security and they're coming from a corporate context. Um, and that has some ways of doing things that go along with it that I don't think always works so well. Um, and I'm seeing folks, there goes my mic.

I'm seeing folks fall into some traps and I want to talk about that. I'm seeing a lot that's not working or that I think can be working better. I want to emphasize that like I don't know everything. Um, I am here with ideas. I am here as a peer. Um, I don't think I know more than anybody else here in the room who's out in your communities also doing education. Um, I'm just here to present some ideas and I'm hoping to also learn from you. So, I do want to hear from you throughout this this uh time we have together. So, let's talk about it. When I'm working with other trainers to build trainings, I'm usually I'm usually

seeing them focus on just a few things. Um, primarily content. How much can I pack into this one hour? That is all that I will have with these people. Um, if you're a uh more advanced trainer, maybe you're starting to think about what uh what am I going to put on my slides? Um, am I going to use graphics? um what are things going to look like? If you're a little bit more advanced, maybe you're starting to think about frameworks.

I maybe feel you're a really advanced trainer, you're starting to think about how do I explain things in simpler language, which is great. So, I think we start off with the best intentions when we're going into trainings. Um, and somehow things still go wrong. So, I want to talk about what's not working. And I also want to hear from you. I'm going to start us off. Um, the thing that maybe one of the things that drives me crazy um is death by PowerPoint. Oh my gosh, I'm seeing a couple people nod in sympathy. A couple people are giggling. They know what I'm talking about. You know what death by PowerPoint is? Um, there's a talk on YouTube. It's

a TED talk. You can look it up. Um, it is by a guy named David JP Phillips. I'm not going to get into everything that talk covers. Go watch it yourself. It's less than 20 minutes. I recommend it. Um, death by PowerPoint. I hate it. What are some things that other folks are seeing that are not working? >> Yeah, >> being overly technical to people who aren't in it and just boring them with acronyms. >> Yeah, boring people with acronyms. Being overly technical. Yeah. What else? >> Yeah, >> lots of talking to them and not giving them the chance to engage and try things. >> Absolutely. Talking to people, talking at them, not giving opportunities to

engage, not letting them try things. Yeah. Awesome. Yeah. >> Context removed training where it's hypothetical and not >> Oh my god. Yes. I heard context removed trainings where everything's hypothetical um and it's not anchored in the realities that people are dealing with. Yeah. >> Yes. >> Not telling your learners what you're trying to accomplish. >> Not telling your learners what you're trying to accomplish. Yes. I skipped over that part, didn't I? Uh my hope here is that you walk away with one or two things to try. That's what I'm trying to accomplish. So, I'll backtrack and address that. Thank you. What else isn't working? >> Yeah, >> I guess making it like a checkbox approach and just make it if it's a

yearly requirement or quarterly requirements, make it something that you click through to just check a box and not truly grasp the concept of what you're trying to put out there. >> Yeah, absolutely. Approaching things like checklists. um approaching things like your annual uh security training that everybody hates, right? Even you you in here, you hate it. Most most people hate it, right? Yes. >> Complex scaffolding. I mean, I like to see trainings that grow on each other over time. >> Yeah. >> And that circle back over time to the original subjects to allow people to not only learn but practice them and then circle back. Awesome. Yeah. So, for folks who couldn't hear, not circling

back, not using repetition, not giving folks opportunities to practice and come back and do more. Yeah. Awesome. I'm going to add in uh also that people are getting overwhelmed, especially in community trainings, right? A lot of I've keep seeing this over and over again, like we bombard them with information and then they're at the end they're just like, "Oh my god." like and they don't know. You you've given them everything they need to do, but there's no way they can act on it because emotionally they're just they're overwhelmed. A lot of folks are also just anxious and maybe maybe they leave even more anxious than when they came in because they've just learned like how scary it truly is

out there. So, there's there's a lot of stuff. Um, another one that I see, two more I want to specifically call out. Uh, tool evangelism. Um, I'm a little guilty of this. There are some tools that I think can do no wrong, but um, what I mean by this is, uh, I'll give you an example. I had, um, a neighbor who came to me for support. Um, somebody told her that she should get a burner phone for when she travels cuz she goes to protests sometimes. Um, and so she went out, she bought an iPhone because she knew that that was, you know, going to be the better option. And what did she do? She

logged in with all the same stuff um and put all the same stuff on there until her so-called burner phone exactly resembled her default phone. Um then she was like, "Wait a second, what?" Yeah. So things weren't explained to her. She wasn't given a framework to think about things, right? And then she went out there and she spent a lot of money on something that was completely ineffective, right? Um, another thing that I see is like gatekeeping and weird hierarchies. Um, and I'll I'll I'll get on my soap box about this. Um, we as technical people, um, I don't think it's good when we There goes my mic again. I don't think it's great when we are held as like the

sole keepers of knowledge and when that is reinforced. We are expensive. We are hard to access. Um and if we are not teaching others that this is within their grasp, we are doing them a huge disservice. Okay. I think there's also uh on our part some misplaced expectations um that if we're doing an hour training, people are going to remember everything that we say. Um, I think expecting feelings not to matter is a misplaced expectation. Um, the longer we sit, the more people will learn is another one that I see. Um, where that talking at people leads to learning. I'm doing it right now. I want to ask why are we doing things this way? Right? Especially in the

context of community trainings, we don't have to. We're on our own time. We have room to play. We can experiment. We can do things that don't work and try to do things better the next time. We have room. Okay. So, here I want to go back to this question that you all kindly thought about at the beginning. What makes a good teacher or what makes a great educational experience? I see people put down care, knowledge, practice, understanding. Teachers are open, curious, being relatable to your audience. Good teachers motivate curiosity and continuous learning. There's they have passion. Someone put a fire emoji next to that one. Nice job. Let's see if I can scroll down here.

A good teacher is mindful of the desired end goal of the student and is attentive to the needs of the students each step of the way. Great ability to think like the student uh recognize when their where their current understanding is and the route to lead them to full understanding. Good teachers have imagination, understanding of the students obstacles and readiness to learn. They have passion. They're knowledgeable. No dumb question environment. They create curiosity, encouraging people to ask stupid questions. Awesome. Deep understanding of subject matter with the ability to optimize the specific information they deliver and focus on with time. Patience. Someone put free food. Nice. Uh multiple modalities provide students with agency. Genuine desire to help. Material design to

experience level. Adjusting to the way students learn. Limiting teacher talk time. Yeah, I'm going to work on that. Energizing students help them helps them learn to think about an area. All right, all of these are awesome and yeah, adoptable, hands-on, ask good questions, empathy, accuracy, makes you feel curious, motivates you, they're attuned, push you the right amount. All right, so we know how to do this, right? We know what we're working towards. So, how do we get from here to all of this great stuff? How do we do that? I have a few ideas for you. Um, but some of those ideas are coming going to come in the form of questions. Questions I think are going to be helpful for you to

ask.

So I'm actually asking this. What can participants get from you that they cannot get from watching a YouTube video? >> Yeahity. >> Yeah. Interactivity. Yes. In the back. >> Eye contact. >> Eye contact. Yeah. What else? >> A personal experience. >> Personal experience. Yeah. You're a human, right? Maybe you're a human who has some things in common with the other people that you're sharing space with, right? That was meaningful for me somehow, not in a conscious way, but in a subconscious way. >> Yeah. >> Feels more real. Like I'm more likely to do something as someone in front of me is talking about than a random paper video. >> Yeah, absolutely. Um, this is backed up

by by some neuroscience research. We learn better in community. We learn better when we're learning with real people. It's pretty cool. Yes. >> A tailored experience that change as you ask questions. >> Oh my gosh. Yeah. A tailored experience, right? >> Any other thoughts? >> Yeah. >> Yeah. Love that. That's so important. They said real recognition, real celebrations. Um, I might add on to that attunement, you know, being able to tap into where people are, um, celebrating with them, adjusting to where they're at, things like that. So, sometimes when I when I do this um, as a workshop, um, folks just say like, "Oh, you can answer questions." Um, and I think the answer to this question is

much bigger and it's something to hold on to as we go into trainings. It's something to be thinking about as we put things together. Um, another question I want to ask, what is the most important outcome of the trainings that you facilitate? >> What do you think? Go ahead. >> Measurable improvement. >> Okay. Measurable improvement. Yep. >> Actions. >> Actions. Love it. I think that the actual engagement of the user a lot of time because just from my experiences if the if the engagement is low then I can pretty much almost assume that the actual results going to be not very favorable. >> Yeah, that's great. >> But if there is actual engagement then I

kind of gauge the whole trend by itself as well. >> Awesome. Actual engagement just for for the recording I'll say that. >> Yes. >> Trust. >> Trust. Yeah. So important. Right? You want people to trust you. You want them to come back to us. Okay. I have one more that I want to put forward that I think is critical, especially based on all the things you just told me when you uh answered through that QR code. It's how participants feel when they leave. Some of you are starting to touch on this. Anybody know who this is? >> Who is it? >> Burton. Lavar Burton. Yeah. Uh Jordy on Star Trek. Also the star of Reading

Rainbow. Lavar Burton is my hero. When I was a little kid, uh every day after school, I would go home. I would watch Reading Rainbow. 30 some odd years later. Do I remember the contents of those books? No. But I remember what Lavar Burton taught me which was to love reading. He inspired me with a like a passion for reading which gave me so much good stuff in my life. Um and he also linked to like where do I where do you go to like get more of this cool thing. He wasn't like hey show up tomorrow to watch my show again. He was like no go to your library and do this on your own. Right.

So, when I'm thinking about how do I make my trainings um when I'm working with community members better, I think about how do I be like Lavar Burton? Um part of that I think is engaging with a lot of enthusiasm. Um I want to inspire people to care about this subject. So like, you know, I'll get into, you know, MFA is cool. UB Keys are freaking cool, right? We do these things not out of compliance, but because they're cool, right? Okay. Um, another thing that I think ties into this is, um, I just want to highlight again, don't gatekeep. Emphasize that knowledge is out there. Lavar said, go to the library. You don't have to go

through me. Um, in all of my trainings I do with community members at the beginning, I tell folks, I am just here as a guide. You can learn everything I am going to teach you out there for free on the internet on your own. And I emphasize that because I think it's super important. So if we think about how we want participants to feel curious motivated interested inspired, comfortably challenge, a lot of things you all came up with earlier. Have this be your north star, right? How do you have people walk out the door feeling all of those things that you want them to feel? Another thing, um, somebody touched on this is we want folks to actually learn

something, right? We want them to gain understanding. How do we do that? Uh, well, let's talk about some tactics that help participants learn. Here are some cool hacks. I promised in my description I would give some cool hacks. Um, one, 90 minutes is pretty much the max uh amount of time that somebody can pay attention. Um, this came up in the last training um that uh Travis did uh earlier today. Spaced repetition. I think somebody else mentioned this earlier. Um, coming back around to do things another time. When I was in public health education, um, for some reason it was like six touches was like the mysterious magic number that works. So, if you got people in the room with

you six times, that's when their behavior would change. I know that sounds like a really high number, but for some reason, it works. Um, another thing, reduce cognitive load. Um, particularly important for PowerPoints. Uh, if you might notice, my uh slides are not covered in text. They're very simple. There's very few words there. Use color. Color is linked with information retention. So are images and simple graphics. If I'm showing a graphic and I can't understand what it means in like four seconds or less, it's not a good graphic. Um, another thing that I think is great is humor. This is my most impactful slide. Anytime I show this um to real people, they they they will laugh. somebody in

the audience giggles. Um, and somebody feels like kind of embarrassed and like I don't know, maybe they're like a little ashamed, but like you know, they they laugh because deep down they understand. This is like super simple. It's little funny. Um, and afterwards, those people who have giggled because they're embarrassed, what do they do? They come and talk to me about like, okay, fine. How do I set up a password manager? Another tactic um that I want to highlight is emotional connection. There's a reason I told you all about myself at the beginning. Um some struggle is always going to be better than passive consumption. So giving folks opportunities to engage with what you're talking about, try things out as

somebody mentioned earlier. Um, and then giving folks frameworks to think about over rules to follow, moving away from checklists. So, with that, I'm going to show you some neat frameworks. Um, and then after that, I want to hear from y'all about some of the things that you are doing that you have found useful. So, this guy is Paulo Friier. um he was an educator and a philosopher um who worked with low-income people in Brazil and Chile. Um and he had this weird idea that education is not neutral. Um learning is a political act. And he was particularly critical of what he called the banking model of education. In the banking model of education, students are viewed as empty vessels to

deposit knowledge into. It's kind of dehumanizing if we're honest. It also reinforces some of those power dynamics that I mentioned earlier like this idea that like I am the knowledge holder and you are the passive receiver. Um and I think that's not great uh because that leads to tech solutionism and misunderstandings. Um, I hear people coming to me who say, uh, I use Signal or I use Proton Mail, so we're definitely safe for monitoring. Or, um, there's no way that there's malware on my device. I use a VPN. Um, yeah, this is what happens, I think, when we just try to deposit knowledge into folks without giving them anything else. I am not an expert on free air. Um, but

then there's like a really rich body of work. I recommend looking them up. Um, but there's a few ideas I just want to dig into quickly. Problem posing, dialogue and co-learning, critical consciousness, and then this idea of knowledge action reflection loops. In problem posing, we start out with participant generated scenarios. We analyze them together and we as the experts are there as facilitators. Someone in the earlier talk today brought up as a comment like hey maybe you should ask the people you're in a room with like what do they already know and where are they starting from right I think this is great this leads to oh some stuff that uh actually ties into neuroscience emotional connection

it leads into problem solving it gives folks practical knowledge so we might start off by asking the question well what happens if someone infiltrates our group chat and I as the expert might say what information would be the most dangerous if it fell into the wrong hands. That's our starting place in dialogue and co-learning that kind of ties into that. Um there's horizontal conversation meaning we are on a level playing field or we're trying to be on a level playing field um as experts and participants. We're starting from the learner's reality and we're there to bring some of the technical chops. I think this leads to more nuanced security decisions for folks. One of my pet peeves is like that

popular advice of like don't bring your phone to a protest and like yeah okay um but what if I have a disability and I need my phone? What if I'm a parent and I need to stay in touch with the folks who are taking care of my child? What if I'm in a strange place? I don't even know how I'm going to navigate to the protest like if I don't have a maps app, right? So, if we use dialogue and co-learning, if we're talking with folks, we do in like um in public health, we might think about this as like harm reduction, right? How do we prepare you to go into this situation that we know

is going to be risky and keep you as safe as possible? How do we adjust this to work for you? Okay. Critical consciousness is this idea. This is what EFF did for me. They connected personal experience with social, political, and economic forces at play. So all of this stuff is what is on a lot of people's minds, right? And a lot of it ties into social, economic, and political forces. And if we start to understand what's at play and how it works from there, we can start to take action towards self-determination. And that is what I did and that is what I try to do for others. So if we do this, I think it leads to

more accurate threat modeling. Um I know it leads to better engagement beyond the lesson and yeah, it leads to a sense of empowerment which is pretty awesome. I also have this idea uh from Fier of a knowledge action reflection loop. You put things into practice. You look at what worked, what didn't worked, what was challenging, and then you go back and you change things and then you repeat. Right? This is also uh one that I think ties into neuroscience. Um when we're hands-on, we learn things better. So, we try it out. we evaluate it, we go back, we adjust. Um, it also ties into this idea of space repetition. So, okay, we're revisiting these concepts and

seeing if they still apply, what adjustments we need to make, and yeah, we get improvement over time. All right, so I just gave you a whole lot to think about. And as I said at the beginning, we are here as peers. So I want to try to break you out of this moment of like oh you've just been sitting for like last 10 minutes passively consuming information. I want to hear from you. What are some things that you are doing when you are going and you are teaching yourselves that you see are working? >> Yes. >> So from experience like I took over as security manager where I started working. >> I'm going to hand you the mic.

>> Yeah. >> And um most of the people who were on my ship were very young. They were like 18 19 years old. I'm like, "How do I make this fun for them? How could I gify it and get everybody engaged?" So, as soon as I walked up before I even started a PowerPoint, I'd point to the youngest person in the crowd. I said, "Whose responsibility is security?" Like, and then they would like, "Oh, it's everybody's responsibility." And I'd say, "Hey, give me an example." And then I would turn it into a giant room conversation and then say, "Give me an example of what a security threat is." And then I'd look at the next person

like, "Why? Like, what kind of security threat is that?" and just turn everybody and I I turn it into a giant chat basically and in my head I like have you know what I want to cover. So >> that's freaking awesome. >> No death by PowerPoint. >> No death by PowerPoint, just conversation. I saw you had your hand up. >> So I'm not sure I can follow that one because that's great. But one of the things I found in teaching how to recognize fishing is you put examples up. >> Um gee, the CEO sent you an email asking you to buy gift cards. First of all, why is the CEO emailing you? especially on your personal account. Why are you

buying gift cards to the CEO? I mean, there's you start with an example. I had a colleague I co-trained a group of people with who pulled emails out of the spam filter partly because his co his his c internal customers are saying, "Oh, the spam filter is not working. We're not getting any spam. Wait a minute. Um, it's working just fine." He created a persona for the training called fake Mike. Real Mike, the CEO, was laughing in the back of the room during the training. So that's actually something I do in my trainings for like my main job now. We use real examples. Um and uh one of the the fun things I'll do in there is I'll

also put side by side like um the uh fake Dropbox fishing email and then like a real Dropbox email and we'll see like which one is real. Um and then we also look at the ones from um that are spoofed like this was an email you were expecting from a real person who exists. So yeah, real examples. Awesome. Yeah. >> Here, I'll stand up. Um, I won't say where I work, but I work for a company that does experiential AI training. And what we just recently did was did what he just said, except have an AI talk to a person directly about a something they just clicked on and say, "Why did you click on this?" And then

have a back Oh, >> with an AI that's all recorded. And then there's a rubric behind that that says by the end of this, the user should be able to recognize the points in this email that are a that are are spam uh indicators and it takes about five minutes. >> Nice. What a cool idea. I think I saw some folks in the back there. What else are you seeing work? Yeah.

>> So, I think one of the challenges is there's a lot of really smart people in security and just because you're smart about a topic doesn't make you a good instructor >> and they mistake a presentation for a training. It's like let me present a bunch of information to you and they've never done any work instructional design or so what you brought up about hands on aspect of it and giving people an opportunity to actually practice in the classroom >> and have discussion with their peers about the previous day's homework, especially if it's a multi-day class where it's like, okay, so we did the homework last night and today's breakout session is talking to each other about

what was hard about the homework, what was easy, like learning from one another about, oh, that worked for you, great, and then coming back and sharing that with the class. And so I think one of those things that really cutting down on that talking head of the peanuts teacher and getting into that discussion and hands on you. >> I love that. I think that also sort of ties into that um idea of like the the knowledge action reflection kind of loop. Yeah. Anyone else? Yeah. Go ahead. I'll let So, we use real world fishing training um examples, but we also do knowledge checks. So, if someone gets a wrong answer, we do feedback loops of why they

probably thought that was the right answer. So, they're not only just like clicking through these knowledge checks, they're learning to why they assume that so that they can be better for next time. >> That's awesome. Yeah, great idea. So I was going to add in something that we had to do with our training specific for technical engineering side. Thank you. So in this regard somebody who's heavy tech like kind of security engineers in this aspect is we advise them to actually teach that specific topic because a lot of times somebody a good way to both reinforce your learning habits it's also to provide this as a teaching tool to somebody else. So a lot of times kind of going off of a

yeah somebody who mentioned over there saying it's like make them come back and give feedback and our kids be like hey who's good at this topic and that's a lot of times how I was asked as well is can you tell us something you know about this and then we can kind of stem off of that because it kind of plays off both the confidence aspect as well. If somebody's confident enough to talk about it and kind of is well verssed in the topic itself able to relay the information very eloquently specifically as well. So that's kind of one of the big ones we use as well. >> Yeah, I think that ties into like this

idea of like learning and community um which somebody else mentioned in the an earlier my mic keeps going in and out earlier training today or an earlier talk today. Um which is pretty cool. I think I saw there uh a few years back I used to work at a continuing care retirement facility as the security administrator. So I would often have to go through you know, every month or so and give talks to, you know, the the elderly residents on security and how to how to deal with things. And I think the one thing that no one mentioned that I think helped or that I saw the most um benefit out of was giving people the

confidence to work past uh decision fatigue. So even if you can get someone to use password managers as an example, even if you can get someone to understand the why, uh they will often times be paralyzed by the how of they go and they Google password managers and they find a list of six or seven and they go well which one's the right one and if you know that's a whole other level of technical details that they're now not aware of and then they just don't. So getting people to the point where they feel confident enough to just say maybe it doesn't matter which one is the best one as long as I know that I'm in the right

area I'm making improvements. >> I think that was probably the biggest thing that I found the biggest roadblock I found was getting people past choice fatigue. >> I'm I'm so happy you brought that up. I want to jump off of that. Um one of the things that I do in my volunteer role with techies for reproductive justice is I am a tech doula. Um, if you know what ad doula is. Anybody not know what ad doula is? Okay, cool. I see some people smiling because you do know. Um, ad doula is someone who supports um a pregnant person through child birth. Um, they're not a doctor, they're not a nurse. They have some medical training,

but they're really there to support the parent um and ensure their best interests are taken care of. Um, and so as a tech doula, um, one of the things that I do is I help folks with decision fatigue. Um, and I guide them through the process and I really sit down and get very hands-on with them. So like, all right, step by step, we're going to do this together. Let's install the password manager. Let's install the browser extension. You know, I'll help you uh go through the steps of importing your your passwords from this other thing and like, okay, this is what this red warning means here. Don't freak out. Um, yeah. So, it's extremely hands-on.

Um, and I understand and it's not going to go over well in every corporate environment. Time is money, but in the context of my community work and my activism, it's extremely effective. Um, and it helps people build confidence. Um, and there's plenty of opportunity for me as a supportive person to be able to say like, "Look at you. We get to celebrate wins." Um, and I get to reinforce that this is something that they are capable of, that they can handle. Um, and it's pretty cool. Any other ideas? Yeah. More in the um vein of like the pre-trained communication. So, I try to be aware of like the position of power that security can have in an

organization. And so, like before I reach out to an individual or a team, I try to go through their manager or their leadership. the familiar people can give them a heads up that security is going to be reaching out and then kind of prepare them with like this is why they're reaching out. These are what I'm going to try to accomplish when we do meet. Um and then just kind of set that up hopefully a couple weeks in advance. Um just to give them time to get used to the idea of talking to security. >> Yeah, I think that's great. Recognizing that security can be really scary. Um and giving some care for that relationship is awesome. Yeah. I also

want to ask um are there challenges that you're facing? >> Yeah, go ahead. >> I think one of the biggest ones, right, >> is getting people who are not in cyber security to get bought into that mission. So that's why I say like being relatable to your audience and not like you said not talking at them or trying to play the IQ Olympics and explain how much smarter you are than them. >> Explain the why it's important and like start really really low and get complex over the hour >> and just be relatable and be understanding that hey maybe somebody who is a mechanic that's going to security awareness training doesn't know what a VPN is. So, like don't talk down

to them. Let's show them what that is so they can be safe. >> Yeah. There's so many awesome things you just touched on in there. I see another hand in the back. >> Yeah. And >> sorry, >> and kind of building off of that, at least from what I know from my field of work is >> finding out the thin line where it ends and security starts. >> A lot of times what happens is, oh, you're security or you're it. Well, clearly you must know what's going on. just I was I have popups on my screen and I'm like okay cool let's get into it but it already did something about I'm like what did I do oh they just made a

ticket for me >> I'm like okay well this is the next step at this point we want to look at they made a ticket to me and I'm the other side I guess the security team >> so that's the challenge you often spend time this important crucial time of a event going on is trying to explain and do this coaching at the time well it would have been useful to be like initial training just tell here's a between the two. Here's how they're related and just a quick shield with them to that point. >> Yeah. Giving people enough context for whatever you're doing to support them to be effective, more effective. Awesome.

>> To to also go off of Firstman's point, I I would add that the biggest issue I see is kind of pushing past the mental barriers that people have built up over a long time of convincing themselves they're stupid. >> Totally. >> There's there's this kind of idea of we have a lot of platitudes and we've said some of them today. Not that I think it's inherently bad, but one is um whose job is security, it's everyone's. You say that to a group of people. And for someone who has spent their entire life being told they're dumb for not understanding technology, that they just roll their eyes. They say it's my job and I don't understand it. Well, I don't

understand my job very well. Clearly, I'm not very good at it. And it's very difficult to convince them that that's a facade. They have the capability. They're not stupid. They just, you know, it's it's this um this buildup of lack of confidence, right? >> And it's like a wall that I I don't have an answer for how to get past it um once it gets bad enough. But I think that's probably the biggest challenge I've seen. >> I think my personal answer to that I've already had on screen, which is feelings matter, right? I think one of the most important things folks can walk away from uh a training that you do like one of

the most important things they can walk away with is feeling like they can actually understand something. feeling like they're capable, feeling interested, feeling intrigued, feeling that sense of trust that you're someone they can go with go to for more questions. Um, and I don't think we get there through uh powerpoints, um, through rushing. I think we do a better job getting there when we take time for emotional connection, for conversation, when we take time to start in the realities that people are living in. Um, and I won't say like it's not hard. I won't tell you like how many I think I think I was a little bit that person. I had that a lot of that like internalized

sexism. I think that, you know, made me feel like, oh, well, my friends are technical, but that's not me. Um, and after enough time, it finally hit me that I was smart enough. So, I think if it's possible for me, I think it's possible for everybody else with enough care. Okay, let's do like one one more. last challenges folks want to bring up. Yeah. >> Balancing time constraints desire for having that connection of scalability. >> Totally. Yeah. I think um especially if you are working within the context of your day job um and and let's be real like even if you're working in the context of community work like we all still have limited time. Um and

knowing I think just knowing what can be possible um if we ask for more time if we ask to structure our trainings differently or if we just ask like hey you know what if instead of doing two you know two security trainings a year that are going on the same content what if we split the content and we have a little bit more time to dive in right um even just knowing like what our guiding light is we can start to think creatively about like well how can we work within the confines that exist um within our jobs. Um I'm not going to say it's going to be easy, but I think it can help. Um and then again, I think a

lot of what I've been talking about has been uh community trainings in that context where I do think there is more freedom and we don't have to do it the way we do at work, right? We can experiment, we can have fun. Yeah. Okay. So um I want to thank you all so much for your thoughts and your in uh your insights um your challenges your questions. I want to close just by saying um teaching well is one of those ongoing cycles. It's ideally we get that knowledge action kind of reflection loop happening again. Um and I want to give us all the opportunity to continue to engage So here is my current signal username.

Um there is also a signal group you can join to continue this discussion and I encourage you to do that. Um there's a lot of knowledge in this room. There's a lot of folks who I can see uh nodding their heads um that are dealing with the same kinds of challenges um and maybe you didn't see them because maybe they're behind you or over on the other side of the room. And I think we can all do better if we learn from each other. Um so I'm just proposing one simple little signal group um as a way to do that. Um just as an example, uh somebody threw me into a signal group with three

other educators last September and we are we are doing very cool things now. Um uh we are friends. We live in different parts of the country. Um some of us we get to visit each other. um when we're in each other's cities, which is very cool. Um and we have become better better educators um as a result of just having these casual conversations with each other um just in a single group. Um so I want all of you to also have the opportunity to do that um and continue to engage. Um feedback is a gift. So uh if you feel compelled to give feedback, you can do so at the session link here. Um, and I want to say

thank you everybody for taking the time to be here today, for taking the time to care um about the communities that you serve and care about each other. So, thank you.