Why Your Tech Training Fails: It's Not Your Staff, It's the Conversation
The Andraluma Compass - by Marco LAM
The Familiar Disappointment
You look at the calendar and see the reminder: 'Follow up on Q2 Tech Training Initiative'. You sigh. The training day itself seemed fine. The trainer was energetic, the presentation was slick, and the feedback forms were... polite. But you know in your gut that a month later, nothing has really changed. The same questions are being asked, the same risky workarounds are being used, and the expensive new software remains underutilised by your most experienced staff.
The investment didn't stick. The common assumption is that the staff were resistant to change or the content was dry. From my experience, the real problem lies much deeper.
The Real Culprit: A Gap in Expectations
As a CISSP ( Certified Information Systems Security Professional ) holder who has trained staff at major banks, government departments, and multinational corporations, I've seen a clear pattern. The success or failure of a training program is determined long before the first slide is shown. It almost always comes down to a fundamental miscommunication between the organisation and the trainer about what, precisely, success looks like. Without this deep alignment on goals and expectations, the training is just a box-ticking exercise, doomed from the start.
Beyond Demographics: Training for Roles and Risks
Effective training must go deeper than just acknowledging age. We must consider the education, job title, and daily realities of our staff, because their roles set them apart.
Your accounting team, as the primary target for sophisticated financial phishing scams, needs a different and far deeper level of cybersecurity training than your enrollment team, whose critical focus must be on data protection and privacy protocols. A generic, one-size-fits-all approach treats them as the same, respecting neither and protecting no one.
The "Red Light" Problem: When Knowledge Isn't Action
Furthermore, the goal of training isn't just to impart knowledge; it's to change behaviour. And we must be realistic about human nature. Everyone knows that crossing the street on a red light is illegal and dangerous. The key point that determines their action is often the context: how easy is it, and how long do they have to wait for the green light?
Similarly, in cybersecurity, everyone 'knows' they shouldn't click a suspicious link. But if they are busy, stressed, and the 'correct' security process is slow and difficult, they will take the convenient shortcut. Great training doesn't just teach the rule; it makes the safe behaviour the easiest and most convenient path.
The Solution: Building Habits, Not Just Holding Events
This leads to the final truth, which echoes the wisdom in books like "Atomic Habits." Real, lasting change doesn't come from a single, dramatic event. It comes from small, easy, consistent actions.
The belief that a single, one-size-fits-all training day can change the habits of an entire organisation is, with all due respect, an immature perspective on how humans actually work.
True, effective professional development isn't a one-time event; it's a strategic process. It begins with a deep, aligned conversation about goals. It is tailored to the specific roles and risks of your team. And it is designed to build safe, productive habits, not just present information. That is the only kind of training that truly sticks.
For Further Reading:
1. The "Atomic Habits" Connection: James Clear's Official Site
Link:
https://jamesclear.com/atomic-habitsWhy it's valuable: The explicitly reference the wisdom of "Atomic Habits." Linking directly to the author James Clear's page about his book is the perfect way to provide a credible source and allow readers to explore the concept of building small, consistent habits further.
2. The Strategic Imperative: Aligning Training with Business Goals
Link:
https://hbr.org/2019/10/making-learning-a-part-of-everyday-work(Harvard Business Review)Why it's valuable: The core argument is that training fails due to a miscommunication of goals. This Harvard Business Review article supports that by arguing that learning must be integrated into the daily workflow and aligned with business strategy, not treated as a separate, one-off event.
3. The Human Factor in Cybersecurity: A CISA Resource
Link:
https://www.cisa.gov/sites/default/files/publications/Cybersecurity-Best-Practices-for-Industrial-Control-Systems-09-2022-508.pdf(See "Promote a Culture of Cybersecurity," Page 9)Why it's valuable: "red light problem" perfectly illustrates the human element of cybersecurity. This guide from the US Cybersecurity & Infrastructure Security Agency (CISA) has a dedicated section on creating a "culture" of cybersecurity, reinforcing your point that it's about changing daily behaviour, not just knowing rules. This provides governmental and security-expert backing to your claims.
