Awareness is knowledge of a situation or fact. Whereas, competence is the ability to implement the knowledge to a high degree of effectiveness. By expanding the focus from Security Awareness to include Cybersecurity competence, organizations can build a Cybersecurity competent workforce. This gives the business greater confidence to pursue their goals.
Doing an activity, analysing and evaluating the outcomes (consequences). In short, acquiring experience. To build a knowledge base, one must acquire experiences.
Learning by doing helps the learner compare and contrast various experiences. For instance, in a Cybersecurity learning experience, the learner can experience the risk of making the wrong decision. Consequently, this type of training approach makes the learner;
1. actively involved in a Cybersecurity risk situation
2. use and sharpen their analytical skills to mitigate the risk
3. take decisions based on the analysis
3. reflect on the outcome of the decision
Simulation-based Cybersecurity training re-creates risks in a safe and controlled virtual environment. This helps learners to experience risks without any real risks. The learner can make wrong decisions and experience the consequence without endangering the business.
To summarize, good decisions come from experience. But, experience comes from making the wrong decisions. Hence, go ahead and make those wrong decisions without any risks.
Learning by doing differentiates with the academic type of learning by immersion, analysis and experience. These experiences, positively trigger responses in the learner when confronted with a similar risk in the real world. In effect, by using Cybersecurity training that uses the “learning by doing” approach, the business builds a workforce equipped with valuable Cybersecurity Skills.