Correct answers in our security belt programs

Back to Blog

Correct answers in our security belt programs

Background

I’ve been working on Security belt programs for 10+ years. I’ve had the privilege to help build the Cisco Security Ninja program. I’m also continuing to develop our security belt platform at Security Journey. I’ve created over 500 pieces of learning content. I’ve created material and the assessment questions that go with it. I have an opinion about how best to educate about security, specifically the handling of correct answers. My opinion drives the ways we approach security belt programs.

Assessments and correct answers

Throughout this time, the most often repeated piece of feedback we’ve received is in regards to the correct answers for assessment questions. I decided to think through and write down my response to why I approach assessments the way I do.

My philosophy is to present a well-written question and four possible answers with one correct answer. After the user submits, if it is incorrect, we provide feedback on why the choice was wrong. Intentionally, we do not offer the right answer.

Users often reach out to let us know that most training platforms provide them with the correct answer after each question. My inclination is that we’re not like most training platforms. Our focus is on educating individuals and changing organizational security culture. We want those that earn security belts to understand the concepts presented. We want them to internalize the knowledge and apply it. The application of this knowledge is when security improves. In some cases, they may need to re-review a portion of a lesson to understand the correct answer. We provide a written transcript for each lesson, to assist the user in reviewing.

We want our assessments to be semi-challenging. If we provide the correct answers immediately, we weaken the assessment process by making it too easy. We want passage of these assessments to mean something.

If a platform provides the correct answers, as a result, there is a percentage of the population that will click through assessments to harvest all the answers for a specific lesson’s assessment. Brute forcing through the assessment is not a learning strategy. Even worst, I’ve seen places where the correct answers are compiled into a cheat sheet and shared to enable easy passage of security belts.

Conclusion

In conclusion, our focus is on strong and actionable assessments, as we want to help you build a strong security culture.

Share on social media: 

More from the Blog

DevOps security culture: 12 fails your team can learn from

Will DevOps and DevSecOps still be relevant in 50 years? Today's DevOps technology will be long gone, but some cultural pieces may still be around. My best guess on the part of DevOps that will still exist: DevOps security culture.

Read Story

6 ways to develop a security culture from top to bottom

Of course, every organization has a security culture. If they say they don’t, they are either lying or afraid to admit they have a bad security culture. The good news is that any security culture can positively change how the organization approaches security. But culture change takes time, so don’t expect your members of your organization to overnight become pen-testing Ninjas that write secure code while they sleep. With the right process and attitude, you’ll get there.

Read Story

The carrot and the stick: Security rewards and recognition

How do you incentivize people to participate in your security program? Are you using a carrot or a stick? Security rewards and recognition are crucial for the success of your security belt program.A security belt program is a level-based, achievement-oriented security educational experience. By creating a program with multiple levels, you provide your learners with the opportunity to make their way through the “journey.”

Read Story

More from the Blog

6 ways to develop a security culture from top to bottom

Of course, every organization has a security culture. If they say they don’t, they are either lying or afraid to admit they have a bad security culture. The good news is that any security culture can positively change how the organization approaches security. But culture change takes time, so don’t expect your members of your organization to overnight become pen-testing Ninjas that write secure code while they sleep. With the right process and attitude, you’ll get there.

Read Story

Correct answers in our security belt programs

I've been working on Security belt programs for 10+ years. I've had the privilege to help build the Cisco Security Ninja program. I'm also continuing to develop our security belt platform at Security Journey. I've created over 500 pieces of learning content. I've created material and the assessment questions that go with it.

Read Story

The carrot and the stick: Security rewards and recognition

How do you incentivize people to participate in your security program? Are you using a carrot or a stick? Security rewards and recognition are crucial for the success of your security belt program.A security belt program is a level-based, achievement-oriented security educational experience. By creating a program with multiple levels, you provide your learners with the opportunity to make their way through the “journey.”

Read Story
Need more information about Security Journey? Get in touch

Ready to start your journey?

Free Demo