About Preetham Nayak
Preetham Nayak is an Information Security executive with broad experience leading global cybersecurity programs across finance, semiconductors, and manufacturing. He builds and scales distributed teams while delivering enterprise security across operations, architecture, risk, and compliance. A trusted advisor to executives and boards, he aligns cybersecurity strategy with business goals and regulatory needs, bringing deep expertise in protecting semiconductor and manufacturing environments from advanced threats through a people-first leadership approach.
Bridging the Gap Between Compliance and Learning
The central theme of Preetham Nayak’s address is the disconnect between traditional, mandatory security training and the real-world psychology of social engineering. For many organizations, security awareness has devolved into a mere “compliance checkbox” intended to satisfy audit requirements rather than to foster genuine resilience. The most important takeaway from his address is that for training to be effective, it must transition from an abstract policy exercise into a personal factor for the employee. Security professionals must navigate a thin line: they need to simulate realistic threats to prepare users, but they must do so in a way that avoids creating organizational panic or chaos.
Key Lines from the Speaker:
- “We are looking at training from a compliance checkbox perspective, right? That’s the main goal which most of the companies try to do”.
- “At the end of the day, a training has to be centered around human emotions”.
- “Leaders do understand the importance of training… but for them, training is something which can be an inhibitor”.
Content: Centering Security on Human Behavior
Preetham argues that the current “one-size-fits-all” approach to training is fundamentally flawed because it fails to accommodate the varying levels of understanding and different job roles within a company. He advocates for training that is tailored to an individual’s level; for example, if an employee is already proficient at detecting deepfakes, they should not be bombarded with basic modules on that topic but should instead be trained in the areas where they need improvement.
Furthermore, Preetham addresses the “leadership hurdle”. While executives recognize that training is important, they often view it as a distraction from revenue-generating work. To overcome this, Preetham suggests that security must be balanced with business goals so it does not feel like an “additional job responsibility”. He also highlights the potential of gamification to embed security into organizational culture, provided the leadership backs the initiative to allow for healthy competition among teams. Ultimately, the goal is to shift from “training for the sake of training” to “actual learning” by making the experience personally relevant to every user.
