One fundamental problem is that most are created and run by security professionals, people who were not hired or trained to be educators. These training sessions often consist of long lectures and boring slides--with no thought or research put into what material should be taught and how to teach it. As a result, organizations are not getting their desired results and there's no overall progress.

To solve this puzzle, it's important to step back and understand how people most effectively learn subject matter of any type.

[Also read | ]

The science of learning dates back to the early 1950s, and its techniques have been proven over time and adopted as accepted learning principles. Applied to information security training, these techniques can provide immediate, tangible, long-term results in educating employees and improving your company's overall security posture.

1. Serve small bites