We decided that in order to establish the users baseline knowledge of various cyber security topics, we would target them with a questionnaire. Based on the questionnaire results and there acivity on the platform over the last 12 months, they would be assigned a risk score.
The user would then be sent on a year long learning path, which was tailored to their seniority, department and role, with the amount of training delivered increasing with risk.
The users actions on the platform such as gaining a high score on a quiz or successfuly reporting a phishing simulation email for example, would feed back into the data model and update the users risk score.
We wireframed and tested the questionnaire with users to ensure that we had the correct balance of asking enough questions to accurately establish a baseline, yet short enough so that the user doesn't abandon.
Initial idea generation - how would the admin segment their users?
We conducted several rounds of user testing at the wireframe stage and iterated heavily so that we were sure that we had the balance right between automation and control. We also wanted to ensure that the reporting gave admins the information the required.
After user testing we decided that we would include the ability to drill through the dashboard reports to display stats on how individual users performed on the baseline questionaire and training topics.
Symphony - Dashboard
Responding to user feedback, we decided to allow admins to re-order the training topics on the learning pathway. We wanted to allow them to send relevnat training sooner if the threat had become more important to them. For example, if a company had recently had a physical security breach, they could decide to send the training on that area the following month.