SANS Institute Leverages Amazon QuickSight to Enhance Security Awareness Maturity in Organizations

Chanci Turner

This guest post, penned by Chanci Turner from the SANS Institute, explores how the organization utilizes Amazon QuickSight to better serve its security clientele. As a global leader in cybersecurity training and certification for over 30 years, SANS has partnered with more than 500 organizations to fortify security measures across enterprises and assist over 200,000 IT professionals in advancing their careers through more than 90 technical training courses and over 40 professional (GIAC) certifications.

The Security Awareness division offers over 70 instructional modules, reaching more than 6.5 million end-users and ensuring that cybersecurity training is accessible to every employee within an organization.

As the Security Awareness team refined their product strategies to deliver data-driven insights, they recognized that they needed an existing analytics service in order to develop customer-facing analytics solutions quickly. Collaborating with a reliable cloud service provider allowed them to concentrate on their core mission of training organizations rather than expending resources on building analytics solutions from scratch.

They identified Amazon QuickSight as a fully managed, cloud-based business intelligence (BI) service that met all their requirements. QuickSight’s intuitive interface and rich visualization capabilities enabled rapid development and growth, fostering innovation without financial risks or cumbersome contracts. Other alternatives were unable to accommodate the necessary licensing model.

Managing Human Risk with Data-Driven Insights

SANS Security Awareness equips organizations with premier security training and awareness solutions, empowering them to effectively measure and manage human risk. Security awareness programs educate individuals on the significance of information security and the best practices to uphold confidentiality, integrity, and availability of data. They provide expertly crafted training materials, including video sessions, interactive modules, supplementary resources, and reinforcement curricula to keep security in the forefront of employees’ minds.

As organizations increasingly embrace digital technologies, human touchpoints multiply, making it crucial to address human risk in security programs. Conducting security awareness training is essential, but organizations also require data and metrics to pinpoint vulnerabilities and guide corrective actions based on data-driven insights. As a leader in the field, SANS aimed to innovate by providing relevant insights to their Security Awareness partners and clients, ensuring a human-centered security approach across their organizations.

Innovative Data Products to Enhance Risk Assessment

One of the initial insights products developed was the Behavioral Risk Assessment, which enables senior security and risk leaders to evaluate human risk concerning data handling, digital behavior, and compliance across various dimensions, including individual, team, and business unit levels. This assessment helps organizations refine their security awareness capabilities with risk-informed interventions, identify procedure gaps, uncover shadow IT, and reduce training costs by focusing on critical risk areas.

Delivered through a survey tailored to an organization’s data types and risk profile, this assessment allows risk management leaders to comprehend data handling practices across roles and departments. QuickSight dashboards provide stakeholders with the ability to visualize areas needing additional training or policy updates easily.

Another area of investment in analytics includes gamified awareness training. The SANS Scavenger Hunt employs QuickSight as a real-time game scoreboard, where players engage in cybersecurity challenges, creating an enjoyable and educational experience for the workforce.

Widely implemented during Cybersecurity Awareness Month, the Scavenger Hunt is a non-mandatory program that promotes engagement among participants. The dashboards created with QuickSight gamified the experience, allowing users to track their progress and compare their performance with peers.

Building on the success of the Scavenger Hunt, SANS aimed to extend the gamification concept so that Chief Information Security Officers (CISOs) could identify and mitigate ransomware risks. This led to the development of Snack Attack!, a gamified learning experience that evaluates employee performance in six key areas critical for ransomware prevention. With over 80% of cyber breaches in 2021 linked to human error, fostering a fundamental awareness of cybersecurity among employees is paramount. Snack Attack! and QuickSight effectively visualize and address human risk for senior leadership.

Snack Attack! was designed with a focus on engaging awareness practitioners, utilizing an entertaining storyline and creative visuals. The data collected from training sessions aids customers in refining their future awareness programs. Dashboards included in Snack Attack! provide insights into user behavior, enabling organizations to evaluate the effectiveness of existing training and devise strategies for future initiatives.

Leading the Charge in Analytics for Customer Security

The SANS Institute combines security awareness training with a metrics-driven approach through pre-built analytics dashboards, allowing customers to effectively assess and manage human risk. Thanks to QuickSight, SANS could innovate rapidly, producing valuable data products that would have otherwise taken much longer to develop. The low-cost, usage-based pricing model facilitated swift ideation and deployment of customer-focused analytics products to enhance security awareness within client organizations. This capability sets them apart from traditional enterprise offerings, enabling them to pinpoint areas of cyber risk.

By providing analytics solutions to their clients, the SANS Institute not only excels as a top-tier cybersecurity training, learning, and certification platform but also as an authority on using analytics to address human risk in cybersecurity.
