Is the Effectiveness of Cybersecurity Courses questionable

Is the Effectiveness of Cybersecurity Courses Questionable?

New European regulations and the reality of a massive proliferation of cyber-attacks are forcing companies to include employee cybersecurity training as an indispensable requirement. But many do it like filling out a checklist without understanding the crucial role of each employee in the security of their company. The human factor is always the most vulnerable gateway to any system.

In addition, from a theoretical point of view, these courses can be ineffective. Cybersecurity training relies on prepackaged courses that provide generic information and only cover the basics. While these courses may introduce trainees to fundamental concepts, they need to address the complex and constantly evolving nature of cyber threats. Cybercriminals are constantly developing new tactics and techniques to breach security systems, so it is crucial that training programs keep pace.

Moreover, much more than imparting technical knowledge, the key to this training is to build resilience and sensitivity. For this, it is necessary to provide personalized, constant and updated training. Personalized why? Because security has a lot to do with how we are: do I tend to be confident? Am I more of a fast person who tends to read diagonally because I am stressed? Does fatigue encourage my impulsivity? We all come to the office with a life on our shoulders: we have broken up with our partner, we have a baby at home, and we sleep little; I am going through a stressful time with a project…etc. These circumstances can significantly change an employee’s vulnerability map, and we need training to be flexible enough to be effective.

Good. However, let’s be realistic. The big challenge for companies in terms of continuous training is the commitment of their employees. Training is often relegated as a non-priority due to the volume of work and the urgency to achieve objectives. In this sense, the corporate commitment of the management team is key and… training should be fun. Yes, fun. In fact, many companies are currently working on the gamification of training. It has been scientifically proven that human beings learn much better by playing… and nobody said that this was not the case from elementary school onwards.

With all this, at I am Sally, we create personalized training services for companies. Sally’s Academy is a reality that, thanks to our partner Kymatio – Activaci√≥n de firewalls humanos, allows us to offer:


Our artificial intelligence relies on neuroscience to identify vulnerabilities and provide recommendations best suited to each person.

Sally’s Academy places them in different situations, prioritizing the most vulnerable ones. In this way, they are prepared for the moment when they face social engineering attacks. At the same time, Sally’s Academy keeps every employee informed about the potential security breaches on their accounts. Sally monitors the employees’ digital exposure.


We keep measuring results to have a real view and understanding of the awareness and knowledge situation.

Based on this, we keep adjusting the training programs so budgets can be used in the most efficient way.


One management platform to check and control the different employees’ and departments’ security metrics and status.

The results for our clients are undebatable:

  • An 80% reduction in critical attacks
  • A 90% reduction in collective attacks
  • 100% reduction in personal attacks


Is this not what you need? Take a look at more specific services related to the Human Factor. We are here to provide you peace of mind.