When running a security training, knowing your audience well is just as important as technical expertise and teaching experience. The first step of preparing for any security training is to gain a baseline understanding of your audience: What are their concerns? How do they understand technology and security? What language(s) do they speak? What background do they come from? What kinds of devices or software do they use? What kinds of resources do they have access to?
First, it’s important to reflect on your relationship to the audience. Are they your friends, neighbors, or colleagues? Do you come from the same community as your audience? If so, you may already have a good understanding of where they are coming from and how a security training can best serve them.
On the other hand, if your audience is a group that you do not consider yourself a part of, think about if or how you were invited to come in and provide security training. Did a mutual connection contact you? Were you invited by a representative of an organization? What precisely did they ask you to do when they invited you? Make sure your plans for a training reflect what you were invited to do, and ask questions if you are unsure. Generally, we recommend training communities that are not your own only with some kind of invitation.
Second, look for people who can help you understand your audience. If you come from the same community as your audience, you may already have reliable access to people who know the community even better than you do, or who are familiar with a different part or aspect of it.
If you are preparing to train a community that is not your own, first make sure there isn’t already someone from that community who is better suited than you to provide the training. Then, talk to the person or organization who invited you for more information. In particular, ask if they can suggest a guide or co-facilitator from the community. It is best if you can work with a community member, or someone who knows the group very well, to plan and facilitate your training.
If you can contact your learners before your training, a survey may be useful to learn more about the specific devices, operating systems, and apps they use, as well as to get an idea of their concerns and questions.
That said, be prepared to be flexible and open when the actual training begins. Learners may be comfortable saying things in person that they did not want to write down or share before the training, or you may learn new things when you get the whole group in a room. You’ll be the best trainer you can be if you are ready to adjust as needed as you continue learning about your audience throughout the training.
Of course, sometimes security training audiences are diverse, come from many disparate communities, and don’t sign up individually beforehand. This may especially be the case if you are running an “open-to-everyone” training at, for example, a public library. In this case, you can try to find common denominators among your learners.
An ice-breaker at the beginning of the training can help you learn more about your audience. Start with questions like, “Why are you interested in this training today?” and ask for volunteers to briefly share. Or, ask people to raise their hands to get an idea of devices and software programs in the audience, e.g. “Raise your hand if you use an Android,” or “Raise your hand if you’ve never heard of end-to-end encryption before.”
In all of these cases, learning about your audience can also be an opportunity to build trust before the training even begins. Thorough efforts to understand your audience can demonstrate your investment in their concerns and set the tone for a productive training.