In a recent panel discussion titled “Make Security Training Feel Like Practice and Not a Burden,” industry experts explored how organizations can move beyond compliance checkboxes to create meaningful, behavior-driven learning experiences. Moderated by Dip Jung Thapa, co-founder and COO of Threatcop, the panel featured Preetham Nayak, Ashok Kakani, and Aruneesh Salhotra.
The Disconnect: Compliance vs. Real-World Attacks
Dip Jung Thapa opened the session by noting that security training is often viewed as a “module to click through” or a “reminder to forget,” whereas attackers exploit real-world emotions like fear, urgency, and greed.
Preetham Nayak highlighted that most organizations approach training from a compliance checkbox perspective. He explained that a significant gap exists between training infrastructure and the ability to safely simulate real-world attacks without creating panic. To bridge this gap, Preetham argued that training must be centered around human emotions and become a “personal factor” for the employee.
Furthermore, he addressed the role of leadership, noting that while leaders understand the importance of training, they often view it as an inhibitor to revenue-generating work. Successful programs must balance training with business goals so employees do not feel it is an additional job responsibility.
Micro-Learning and Targeted Delivery
Ashok Kakani, CISO at Compunel, emphasized the need to move away from 30-minute or one-hour programs. Instead, he advocated for:
- Quick, one-to-two-minute videos tailored for different business units.
- Multi-platform availability, such as delivering content through Slack where teams already work.
- Internal Ambassadors: Working with team-specific ambassadors to build training that is relevant to their unique business risks.
Ashok also suggested that training platforms should integrate with HR data sources to deliver role-based content. To increase engagement, he recommended allowing individuals to choose their training persona and providing incentives—such as “coupon codes” hidden in videos—to encourage employees to pay attention from start to finish.
Personalization and the Human Psyche
The panelists agreed that “putting everyone at one single level” is ineffective. Preetham noted that training should be catered to an individual’s level of understanding; for example, if an employee is already skilled at detecting deep fakes, the system should focus on areas where they are lacking.
Aruneesh Salhotra, CEO and CISO of SNM Consulting, discussed the limitations of traditional gamification. He pointed out that leaderboard charts often fail to incentivize employees because security is not their primary job responsibility. To truly tap into the human psyche, he suggested linking security participation back to performance reviews or extra credit.
The Challenge of AI and Deep Fakes
Aruneesh shared results from a social experiment involving AI-generated imagery, where 92% of non-technical staff and 42% of security professionals failed to detect the manipulation. He warned that deep fakes are becoming a “hardest of the problem” for organizations, as many current tools produce high numbers of false positives.
Defense-in-Depth: Beyond Training
Ashok concluded that organizations cannot rely on training and awareness alone to solve security problems. He advocated for a layered defense strategy, including:
- Email Security: Preventing malicious emails from reaching the inbox.
- Sandboxing: Ensuring links do not open directly on the user’s machine.
- Endpoint Security and Exit Gates: Using proxies and firewalls to catch threats at the final stages.
- Privileged Access: Ensuring critical infrastructure is accessed only via privileged accounts with multi-factor authentication (MFA).
Conclusion
The panel concluded that by making training contextual, brief, and incentivized, organizations can transform security from a mandatory chore into a valued, intuitive skill. As Dip Jung Thapa summarized, the goal is a culture where secure choices feel “intuitive, not intrusive”.
