Roles and Responsibilities of a Digital Security Trainer

Credits CC Last Updated 2016-03

As trainers of digital security, we have certain obligations not only to our participants but to ourselves - this resource summarizes some of the most essential among these duties.

Have feedback on this content? Does something need updating?

Leave a note anywhere on this page - look for the Hypothes.is toolbar in the upper right-hand corner.

Have content you'd like to share with other trainers?

Email us at levelup@riseup.net (GPG public key here) or read our guide on Contributing to LevelUp.

 

As digital security trainers, we are looked upon to provide solutions and strategies for our participants’ digital safety concerns, and to furthermore consider the impact that both these concerns and their solutions might have on participants’ physical security.

These are real challenges and issues - whatever solutions and strategies we ‘prescribe’ or ‘recommend’ can either place them at further risk or save them from it.

Therefore, it is our responsibility as digital security trainers to:

1. Ensure that our participants have the best possible understanding of their risks.

This extends to both online risks and how those risks may affect their physical safety, so that trainees may be able to decide on solutions and strategies to address them that work best for their context(s). The most effective solution and strategy is one that recognizes that there is no such thing as permanent and perfect security - this requires both trainers and participants to develop strategies together, based on specific contexts and realities, that are responsive to changing risk environments.

2. Recognize when it is appropriate and when it is inappropriate to use scare tactics.

Accept that while sometimes scare tactics (see “The Fear-Mongerer” under Be a Better Trainer) can be an effective way to convince our participants to take security seriously, it is equally if not more important to provide strategies and solutions that address these fears. Good digital security trainers balance scare tactics with realistic solutions and strategies. Scaring participants to the point of disempowerment and inaction is irresponsible and unethical.

3. Build capacity on critical thinking and awareness, not just on tools and applications.

Technology is only a part of what protects the online security of trainees - trainers must also build their capacity to practice secure communication behaviors and habits that will ensure more long-term solutions to the risks they face. This assumes that we, as security trainers, have an understanding of our participants’ contexts and their specific risks. This awareness is necessary in order to provide advice on the best possible combination of tools, behaviors and habits that they can apply after the training event.

4. Recognise that security contexts will always change and mutate.

This goes not only for ourselves as trainers - we must also develop the recognition among our participants as well that online and physical security strategies and solutions should always adapt to change. As trainers, we will have to build their capacity to assess risks systematically, consistently and periodically, and also provide ways for them to respond to the results of their risk assessments.

This includes testing new tools, apps and services; reading up on the current internet policy discourse; and keeping updated on privacy and security options that are available on popular services. In order to provide the best support possible to our trainees, we must be able to speak to the most current and relevant realities that impact the tools and practices we train upon.

6. Be available to participants for further mentoring, to the extent possible.

Our work does not stop when the training ends - in fact, training is frequently only the first step in supporting long-term adoption of secure technologies and behaviors. Instead, we need to find secure ways to continue communicating with participants and provide post-training support in order to ensure their responsiveness to their changing security contexts and risks.