Infosec innovation recap: 2021 in review

2021 was a big year for Infosec’s two flagship products: Infosec IQ and Infosec Skills. Using feedback and insights from clients like you as our north star, we released 100s of new cyber education resources and tools to help teams continue to outsmart cybercrime in 2022.

In Infosec IQ we released:

• 1,624 new awareness and training resources:
  • Three new awareness training series
  • 44 new Infosec IQ awareness modules
  • 360 new phishing simulation templates
  • 53 new assessments
  • 1,211 newly translated modules
• The industry’s first and only Choose Your Own Adventure® Security Awareness Games
• New business intelligence (BI) dashboard and reporting capabilities
• A new way to assess and track cybersecurity culture

The Infosec Skills platform expanded to include:

• 406 new technical training resources:
  • 360 new courses
  • 44 new learning paths
  • 46 new labs
• New, hyperrealistic cyber ranges and labs mapped to MITRE ATT&CK®
• 10 Infosec Skills Roles to guide recommendations and maximize training relevancy
• Enhanced learner notifications and SSO and API capabilities

Read on to learn more about all the new resources and tools available to Infosec IQ and Infosec Skills customers in 2022 and beyond.

Jump ahead

• Infosec IQ: 2021 recap
  • Explore new awareness and training resources
  • Gamify your program with Choose Your Own Adventure®
  • Level up your reporting game with new BI tools
  • Assess and track your cybersecurity culture
• Infosec Skills: 2021 recap
  • Take a tour of new technical training resources
  • Test your skills in the new cyber ranges
  • Guide teams with Infosec Skills Roles
  • Maximize program efficiency with notifications and integrations
  • Celebrating the new year (and our successes) together

Infosec IQ: 2021 recap

From new, award-winning Choose Your Own Adventure® Security Awareness Games to best-in-class BI dashboards and reports, we’ve worked hard to bring you even more value in 2022. Here are our top highlights.

Explore new awareness and training resources

The effectiveness of your security awareness and training program shouldn’t be limited to the size or diversity of your training library. That’s why we continue to publish new awareness and training resources every month. We kicked off 2022 with an additional 1,624 training resources inside Infosec IQ, including three new training series and 44 new modules:

• Choose Your Own Adventure® Security Awareness Games: We partnered with the team behind the Choose Your Own Adventure® brand to bring the excitement and intrigue of the popular gamebook series to your security awareness and training program. We released five new games in 2021 and have several more planned for this year.
• Just the Facts: Featuring real-world cybersecurity experts like Keatron Evans, Just the Facts gives your employees the knowledge and perspective that comes from fighting cybercriminals on a daily basis. This series features pre-built program plans, over 20 modules and dozens of assessments and posters to teach the fundamentals of cybersecurity to every member of your organization.
• Core Concepts: This animated series provides learners with straightforward, easy-to-follow guidance on key cybersecurity and compliance topics. Twelve modules cover important topics like incident response, HIPAA, FERPA and more.

 

To help you move learners from theory from practice, we also added over 360 new phishing simulations in 2021. With new cyberthreats emerging everyday, it’s never been more important to teach employees how to detect and report attacks from their inbox.

In addition to adding 53 new assessments and 1,211 translated modules to help you measure lesson retention and effectively reach distributed teams, we’re also doubling down on our commitment to assessment and translation quality. Delivering engaging, enjoyable and accessible learning experiences is our priority. You can count on even more quality translations and learner assessments in the months to come.

Gamify your program with Choose Your Own Adventure®

Infosec’s new Choose Your Own Adventure® Security Awareness Games bring much more than just new content to the Infosec IQ library. This new approach to gamified learning puts learners in charge of their own security awareness training program with interactive storylines that encourage critical thinking and decision making.

The Choose Your Own Adventure® Security Awareness Games go beyond learner leaderboards and badges and allow your employees to learn by doing as they navigate through dozens of unique decisions and outcomes.

 

If you’re looking to increase engagement, boost retention and accelerate behavior change, the Choose Your Own Adventure® Security Awareness Games series can help. We released five new games this past year with several additions planned in the coming months.

Level up your reporting game with new BI tools

In 2021, we made it easier than ever to track impact from your security awareness and training program with new BI dashboard and reporting capabilities. We built Infosec IQ’s dashboards to help you:

• Surface positive security behaviors and top performers
• Identify behavioral risks requiring attention
• Trend and correlate security behaviors over time
• Compare performance with industry peers

You can surface your most impactful data with pre-built dashboards or build your own to analyze data you care about the most. All dashboards are fully customizable and automated, so you can quickly share results with stakeholders and prove program success.

Assess and track your cybersecurity culture

Your organization’s cybersecurity culture is often a reflection of the effectiveness of your security team, awareness program and policies. It is also a top predictor of employee behaviors. Until recently, however, quantifying cybersecurity culture was notoriously difficult.

We developed the Infosec IQ Cybersecurity Culture Survey to make it easy to measure your security culture by analyzing employee attitudes and perceptions towards cybersecurity and your security training efforts. It measures employee attitudes and perceptions across five domains:

1. Confidence: How employees classify their own ability to put their cybersecurity knowledge to practical use.
2. Responsibility: How employees perceive their role in the cybersecurity of your organization.
3. Engagement: How willingly employees participate in your organization’s security awareness and training program and apply available resources and support to improve security behaviors.
4. Trust: How employees perceive the security posture and processes at their organization.
5. Outcomes: How employees perceive the consequences of a security incident at your organization.

This helps you identify cultural strengths and weaknesses, gives you actionable recommendations for improvement and automatically tracks changes over time.

Infosec Skills: 2021 recap

2021 was an exciting year for Infosec Skills. From launching a new, hyperrealistc cyber range environment to enhanced assignment tracking, we’ve focused our time and energy towards evolving the admin and learner experience inside Infosec Skills to bring you even more value in 2022. Here are our top highlights.

Take a tour of new technical training resources

You need a technical training platform that can transform beginners to advanced security practitioners — and then keep those advanced professionals on the cutting edge of technology change and emerging threats. That’s why we continue to publish new cybersecurity training resources every month. We kicked off 2022 with 44 new learning paths inside Infosec Skills, including 360 courses and 46 hands-on labs. Out of these new training materials, some of the most popular include:

• Securing Cloud-Based Applications learning path: This learning path covers a variety of topics — like cloud attack vectors and remediations, security by design and the use of third-party tools — to teach Security Engineers how to effectively secure and protect cloud-based applications.
• Security+ cyber range: This cyber range reinforces the knowledge needed to pass the CompTIA Security+ exam through five hands-on labs. By putting these concepts into practice, you and your team will have a foundation of cybersecurity knowledge that can be leveraged to progress into more advanced security certifications or career roles.
• NIST 800-171 learning path: This learning path will teach you and your team how to comply with the requirements of NIST 800-171 through seven unique courses. Upon completion, you’ll be ready to implement the required controls and build your Body of Evidence (BOE).
• Advanced Adversary Tactics cyber range: This cyber range is part of our Advanced Adversary Tactics learning path and includes eight hands-on labs to prepare your team for common techniques from the MITRE ATT&CK® Matrix for Enterprise. Launch any of these cloud-hosted labs in one click to put theory into practice inside the environments you and your team encounter on the job.
• IAPP CIPP/US certification path: This certification learning path prepares Security Managers to earn a leading privacy certification by building important knowledge about privacy and law. Through seven unique courses and a practice exam aligned to the CIPP/US body of knowledge, you’ll learn everything you need to know about the U.S. privacy environment.
• PenTest+ cyber range: Our CompTIA PenTest+ certification learning path includes 15 courses to teach Penetration Testers how to effectively plan, conduct and report the results of a penetration test. We’ve launched five brand new, hands-on labs aligned to each CompTIA PenTest+ exam objective to help you accelerate skill development and increase knowledge retention.

Test your skills in the new cyber ranges

To help your team learn to outmaneuver adversaries targeting your organization — within the operating environments they encounter on the job — we completely revamped our Infosec Skills cyber range. The newly designed lab experience comes equipped with clear learning objectives and real-time feedback based on learner inputs. These cloud-hosted labs launch in one click, so your team can spend less time configuring environments and more time learning.

From command line basics to advanced adversarial techniques, Infosec Skills cyber ranges teach cyber teams how to:

1. Practice countering MITRE ATT&CK® Matrix tactics and techniques
2. Run red and blue team exercises
3. Write secure code by example
4. Pass dozens of technical certifications by gaining hands-on domain knowledge
5. Attack and defend cloud-based applications
6. And much more

Guide teams with Infosec Skills Roles

Your employee development program is only effective if the knowledge and skills covered during training is relevant to each unique role. In 2021, we launched Infosec Skills Roles to help learners and team admins quickly find relevant training materials, create long-term training goals and close existing skills gaps.

Our cybersecurity subject matter experts studied the knowledge, skills and technology needed by organizations — big or small — when it comes to reducing business risk. We then mapped these against common cybersecurity positions and industry standards to create our 10 Infosec Skills Roles. Each Role is currently composed of Core and Elective Training:

• Core Training covers foundational knowledge and skills required by that specific role based on their day-to-day objectives. Some learners may already have a strong foundation — that’s where Elective content comes in.
• Elective Training allows security professionals to specialize in specific knowledge areas, like the tools and technology they use on the job. These training materials can also help prepare your staff for an upcoming promotion within your organization.

Maximize program efficiency with notifications and integrations

The easier it is to access assigned training, the more likely it will be completed — and on time! We added new assignment notifications and enhanced our integration capabilities to help teams maximize their program efficiency.

1. Assignment notifications: Team leaders now have the ability to automatically notify employees via email when new training content is assigned. This active communication will help keep teams informed and engaged with their assignments — all while minimizing the amount of time required by team leaders to manage training communications.
2. API and SSO capabilities: Infosec Skills now integrates with major employee development platforms and reporting tools to eliminate friction in the learning process and streamline training management and reporting. The Infosec Skills API allows you to showcase all Infosec Skills content alongside your existing library of professional development resources. When single sign on (SSO) is enabled, learners can skip the account creation step and automatically access Infosec Skills content from any third-party platform. Leveraging the Infosec Skills API and SSO enables you to optimize for learner experience, engagement and ROI at every step of the Infosec Skills experience.

Celebrating the new year (and our successes) together

Together we’re on a shared mission to empower every employee at your organization with role-guided, relevant and actionable cyber education. We’re proud to share that in 2021, millions of Infosec IQ and Infosec Skills learners worked hard to increase their cybersecurity awareness and skills. These same learners:

• Watched over 29 million minutes of cyber educational content
• Answered nearly 16 million assessment questions, and
• Earned nearly 2 million certificates of completion.

It’s great learning experiences like these that also helped us bring home 79 industry awards and increase our third-party review totals on sites like G2 and Gartner Peer Insights to 1,825 reviews.

While 2021 was a tough year for many of us, you and your team’s continued dedication to making our world a more cyber-secure place is our inspiration. We look forward to another productive year and are excited to bring you even more value in 2022.

Happy New Year from all of us at Infosec!