CreditsLast Updated 2016-03
As trainers of digital security, we have certain obligations not only to our participants but to ourselves - this resource summarizes some of the most essential among these duties.
These are real challenges and issues - whatever solutions and strategies we ‘prescribe’ or ‘recommend’ can either place them at further risk or save them from it.
This extends to both online risks and how those risks may affect their physical safety, so that trainees may be able to decide on solutions and strategies to address them that work best for their context(s). The most effective solution and strategy is one that recognizes that there is no such thing as permanent and perfect security - this requires both trainers and participants to develop strategies together, based on specific contexts and realities, that are responsive to changing risk environments.
Accept that while sometimes scare tactics (see “The Fear-Mongerer” under Be a Better Trainer) can be an effective way to convince our participants to take security seriously, it is equally if not more important to provide strategies and solutions that address these fears. Good digital security trainers balance scare tactics with realistic solutions and strategies. Scaring participants to the point of disempowerment and inaction is irresponsible and unethical.
Technology is only a part of what protects the online security of trainees - trainers must also build their capacity to practice secure communication behaviors and habits that will ensure more long-term solutions to the risks they face. This assumes that we, as security trainers, have an understanding of our participants’ contexts and their specific risks. This awareness is necessary in order to provide advice on the best possible combination of tools, behaviors and habits that they can apply after the training event.
This goes not only for ourselves as trainers - we must also develop the recognition among our participants as well that online and physical security strategies and solutions should always adapt to change. As trainers, we will have to build their capacity to assess risks systematically, consistently and periodically, and also provide ways for them to respond to the results of their risk assessments.
This includes testing new tools, apps and services; reading up on the current internet policy discourse; and keeping updated on privacy and security options that are available on popular services. In order to provide the best support possible to our trainees, we must be able to speak to the most current and relevant realities that impact the tools and practices we train upon.
Our work does not stop when the training ends - in fact, training is frequently only the first step in supporting long-term adoption of secure technologies and behaviors. Instead, we need to find secure ways to continue communicating with participants and provide post-training support in order to ensure their responsiveness to their changing security contexts and risks.