Have you ever personally conducted workshops/activities for security awareness training with your own board members? What was most effective? What would you do differently today?

We provide board briefings as well. Right now we have an incoming board with many new members - this is coinciding with our FY 2026 budget finalization. It's a great opportunity to talk about the value of our Cyber Security program, align this with our internal service rates, and most importantly talk about the ever increasing risk we're facing as an organization. We will also fold in changes at the Federal level which are making it more important for us to be able to act independently, and not assume we'll have the same support at a Federal or State level as before.

I try to build security awareness into presentations of the state of the security program overall, so they don't know it is awareness & training. 

Hello,

Yes, I did use a gamification approach to the board members with a workshop that was presented last year and this year at Symposium. Gamification change completly the spectrum of the board member.

Yes, but most of the time up to now, they were rather static presentations. The next actions will be more dynamic presentations with live demonstrations on tools, different cybersecurity scenarios, and activities. I also plan to use new tools that allow for dynamic presentations with live questions.

Drafted some general information for the Board, which was presented up by the exec. In my experience the written form doesn't always land. We did recently attend an event where a CEO talked through his personal experience in terms of living through a ransomware attack...and we're working on getting this person in front of our execs/board. My theory is that lived experience would have a greater impact than some stats on paper.

In terms of standard security awareness training, I find it necessary to include some role-based aspects...including admins, execs, board...some providers have specialised training available which helps.