This week was all about security training. From 2006 - 2008, I was a compliance auditor and HIPAA auditor. I provided HIPAA training to all new employees and annual training to established employees at a medical school and its partner medical practices. I thoroughly enjoyed that job because I was able to help open employee eyes to real security threats.

I remember sitting in the training as a new employee myself years before and now I was on the other side.

What did I learn?

I learned that security training is designed to make you aware and then make you apply. It does no good to train employees about security breaches if I do not share with them how they can make practical use of the information given.

A trainer is only as good as the information that he/she provides and is only as good as the information that is retained.

Employees or attendees should walk away saying "now I know what to do so X doesn't happen to me".

I wish more trainers would transfer knowledge and not just information...