We have all say through the standard company training on cyber-security. It usually starts with an hour or two trapped in a packed seminar room, surrounded by colleagues pretending to take notes but really playing Words With Friends on their smartphones, followed by bad coffee and slightly stale pastries.
Peter Vanheck, from Central Queensland University wanted something different. Rather than the annual compliance-focussed "tick a box" training, he wanted to work with his team to develop an ongoing program that engaged the university community and made cybersecurity something everyone was aware of. But he wanted to do it in a more engaging way than traditional training.
During the 2017 AusCERT conference Vanheck how he did this with his team. By taking a multi-disciplinary approach, that used the skills of the broader CQUni community, he created a cyber awareness and education program that has transformed how people work at the university.
Vanheck's journey in developing the Cyber Heroes program began with a request for him and his CIO to present on cybersecurity to the board. Sitting in the foyer, a few minutes before their presentation, it dawned on Vanheck that the presentation they had prepared was flawed. The problem wasn't the content - it was the focus. They approached the presentation from a technical point of view.
"I was sitting there, going through the presentation in my mind. I looked at my CIO and said to him 'I think we've got this wrong'", said Vanheck.
Vanheck advocated a "human firewall". The idea was to engage everyone at CQUni in cybersecurity. Despite doing everything they could from a technical level, Vanheck was still seeing issues created by people plugging infected USB drives and clicking links in emails. He knew people were the key.
"We needed something that was different. We needed something that was creative. We needed something that was simple. Something that would make a difference," said Vanheck.
After several months of attending conferences and consulting with experts he knew he needed to look outside the traditional information security community. The creativity he wanted wasn't something he saw in his IT workforce.
Realising he needed the most creative people he could find so he established relationships with other executives within CQUni. That lead him to working closely with marketing and other creative people.
"The buy-in I got from those people from this simple cybersecurity message made a real difference to the program".
The program Vanheck embarked on wasn't all smooth sailing. After investing time and money with an external marketing organisation, Vanheck abandoned the idea they brought to the table of a cybersecurity mascot personified in an octopus.
Sign up for CIO Asia eNewsletters.