June 2024

Our Cybersecurity Courses Get 91%+ Completion Rates – Here’s How We Write Them

Benjamin Netter CEO
Benjamin Netter
CEO

Ping! That’s the sound of IT enrolling you in some cybersecurity training. So, what do you expect when you click the link? Some slides on avoiding email spam? A video tutorial, if you’re lucky?

These days, people don’t expect much from cybersecurity training. But we didn’t get the memo.

At Riot, we’re on a mission to deliver immersive cybersecurity courses people can’t help but love. Here, we share our five-step process for writing courses that get 91%+ completion rates – and take you behind the scenes of our deepfake course.

Our first step? Always start with a great story.

#1: Start by telling a great story

What comes to mind when you think of Isaac Newton’s discovery of gravitational theory?

Yep. Apples.

How we write cybersecurity courses Isaac Newton

Whether the tale of Newton watching an apple fall from a tree is true or not, it tells us something important: Human beings learn through stories. We could just say ‘Newton formulated a theory of universal gravitation’, but the image of a falling apple sticks in our minds much more clearly.

Understanding how stories like this can help us learn is critical to every great training experience. It’s why we structure every one of our cybersecurity courses around a compelling story.

Take passwords, for example. Instead of just coaching people to set strong passwords, we explore the 2019 SolarWinds incident, where an intern was found to have used ‘solarwinds123’ as a password guarding entry to a critical server – and even made it public on GitHub.

Stories like this bring subjects alive. Here, we put the learner in the mind of the SolarWinds IT team, the CEO, and even the poor intern himself. This elevates our guidance and advice into something much more memorable and applicable, helping people to be more secure.

Learn more: Your Boring Cybersecurity Training is Only Helping Scammers – Here Are 4 Ways We Can Do Better

#2: Focus less on the classroom, more on the conversation

People learn by doing. Instead of flat one-way classroom-style learning, we respond much more positively when we’re asked to actively engage with the material, testing it from different angles and offering our own thoughts, opinions, and responses.

That’s why we make every one of our courses a real conversation. We give learners the chance to consider the stories and techniques presented to them, then suggest the right response to the actual cybersecurity threats and situations they could face every day.

For example, instead of simply warning learners about scammers using AI-powered deepfakes to generate someone’s voice or likeness and trick their colleagues into handing over sensitive data, we test their ability to distinguish between a real voice sample and a deepfake we generated.

How we write cybersecurity courses deepfake question

And because every great conversation is a two-way street, we craft courses with personality. We want people to feel like they’re engaging with a real person when they chat to Albert – someone interested, interesting, and maybe even annoying from time to time. Just like a real person.

#3: Make every moment of every course relentlessly relevant

We’ve all had to deal with boring or generic training at some point. You open up a PDF or a set of slides, start reading, and… ugh, it just goes on and on. Not only is it too long, but there’s no effort to match what you’re learning to the real challenges and problems you’re facing every day.

We think people deserve better cybersecurity training. That’s why we make every moment of every one of our courses relentlessly relevant to the learner experience, distilling a wide range of information down to punchy five-minute conversations full of practical tips and guidance.

This includes our courses tailored to match industry-specific learning topics, such as the application of data privacy frameworks like GDPR and HIPAA. And because the landscape is always changing, we regularly update these courses to feature the latest information.

We also customize our courses to incorporate specific learner details, making the training experience even more relevant. That’s why our CEO fraud scenarios reflects the name of the learner’s actual CEO, making it easier to visualize what these emails might look like in reality.

How we write cybersecurity courses CEO fraud

Our ‘Nudges’ feature also makes it easy to deliver quick refresher courses based on the latest cybersecurity news using generative AI. Just give Albert an article (for example, the MGM ransomware attack) and he’ll turn it into a new conversation offering tips on how your team can stay safe from attacks like these (first tip: Don’t read out login credentials over the phone!).

And speaking of working as a team…

#4: Turn cybersecurity into a team sport

When people think about cybersecurity, they think about tools and systems: Secure networks, data encryption, multi-factor authentication. And while that’s all important, a focus on technology doesn’t paint a full picture of how most cyberattacks actually happen in reality.

The truth is, people are every organization’s biggest cybersecurity vulnerability. Just consider that 74% of the 5,199 US data breaches in 2023 involved an element of human error. That’s why our courses turn cybersecurity into a team sport, developing a shared level of awareness.

How we write cybersecurity courses awareness overview

The greater your team’s common level of awareness and familiarity with today’s biggest cybersecurity threats, including spear phishing and CEO fraud, the greater chance you’ll have to stay safe together. But to build this familiarity, you need to deliver the right learning experiences.

That’s why we make it so easy to customize and deploy programs to suit different cohorts, giving you a clear overview of learner progress and highlighting where people need extra support. This helps you make cybersecurity an ongoing habit, rather than another annual compliance training.

And now that your team is learning all about cybersecurity, it’s time to put them to the test.

#5: Test learners with world-class cybersecurity simulations

Learning about best practices is one thing, but putting them to the test is something else. That’s why we follow up our cybersecurity courses with world-class phishing simulations to find out whether or not learners have actually increased their awareness.

These simulations are just as convincing as the real ones, featuring a range of templates and hooks to test your team in safety. From fake invoices or juicy sales leads through to competitions to design your company’s next logo, we give you plenty of ways to tempt people to click.

How we write cybersecurity courses phishing simulations

We make it easy to run these simulations all year long, tracking team responses and pinpointing people who might need extra support. Our ‘smart groups’ feature also lets you run simulations for specific learners and track their progress, letting you see improvements in real time.

If you’re ready to get started with a simulation of your own, you can do it for free right here. Now, let’s look at how we put these five steps in practice with our course on AI deepfakes.

Case study: How we built our course on AI-powered deepfakes

Like a lot of our cybersecurity courses, our course on AI-powered deepfakes started as a request from a client. We always encourage our customers to let us know whenever they’d like to see a topic added to our library, and we love crafting these new courses.

As it turned out, this was a timely request: We’d also noticed an increase in scammers using generative AI models to impersonate victims’ colleagues, family members, or even their bosses, and we wanted to give our learners the tools they need to stay safe from these threats.

Before we started writing anything, our course authors Ben (CEO) and Tom (Head of Content) read widely on the topic, gathering everything they could on the history of AI-powered deepfake technology, and understanding the sophisticated ways scammers had been using it.

Then, we needed to choose a story to kick off the course. And we had the perfect one: The Perkin family, who were scammed in early 2023 by a fraudster impersonating their son with a deepfake call purporting to be from jail, with a request for money ahead of a court appearance.

How we write cybersecurity courses deepfake question

From there, we crafted a conversation with Albert covering all the key markers of a deepfake phishing scam, including the biggest red flags to watch out for (urgent scenarios, requests for bitcoin), and tips to stay safe (calling the person via a side-channel, agreeing on a safe word ahead of time). And, of course, we ruthlessly edited it to keep it under the five-minute mark.

And to really bring our deepfake course to life, we even generated AI voice models for Barack Obama (and for our French learners, Johnny Hallyday) to help test the learner by showing just how convincing these deepfakes can be.

Once we were ready to move to production, Ben and Tom worked with our Engineering team to get the course flowing seamlessly in Teams, Slack, and our own web interface. We translated the course from English to French, Korean, Italian, German, Chinese, Japanese, Spanish, Dutch, and Portuguese, so learners around the world could enjoy this new conversation with Albert.

Hey presto: Another addition to our library of fun and memorable cybersecurity courses! Now, we’re helping our 500,000+ learners to be more aware of the dangers of AI-powered deepfakes – and hopefully stopping a few scammers in their tracks.

Speaking of stopping scammers, check out our free checklist on 12 cybersecurity metrics that really matter – and how you can move the needle.

12 essential cybersecurity metrics
12 Essential Cybersecurity Metrics

Your team deserves better cybersecurity courses

For years, people have tolerated generic cybersecurity courses that felt just like any other box-ticking compliance training. In fact, scammers have been counting on it – they know most cybersecurity training is a huge snooze, and they know we’ll never remember it.

Now, we’re changing all that. With Albert, you can find out what our clients and learners already know: That punchy, conversational cybersecurity courses can not only keep people safe online, but actually be memorable and (dare we say it?) fun at the same time.

And because cybersecurity is an ongoing commitment, our platform makes it easy to keep your whole team sharp with quick, news-driven reminders and threat simulations.

To experience our refreshing take on cybersecurity awareness training for yourself, get in touch with one of our experts today.