Training And Trainability

You're pretty well trained. You graduated from the right 'elite' university, you got progressively more impressive cybersecurity certificates and certifications, and you work hard at keeping up with the latest cybersecurity trends.

Not good enough.

In organizational analysis, when initiatives or campaigns roll out we see three levels of reaction. There is resistance, which sounds like "We've seen this before [eyeroll], just get through it and they'll move on to the next bright shiny object." As a leader you cannot get caught in active resistance because at that moment your leadership career is done. One of the burdens of leadership is that you don't get to resist anymore. It's another reason they pay you the big bucks. You can do your own calculus on the cost of that versus your soul's value.

Then there is compliance, which can be summarized in four words: mandatory annual cybersecurity training. Just remember, while you can comply as a leader & just get by, your people will do no more than you model as a leader. Choose wisely.

And then there is commitment. In the realm of cybersecurity initiatives or campaigns or plain old organizational reality...or life...this is demonstrated in trainability. Everyone has a degree and certifications. Everyone complies -- don't they? -- with mandatory annual cybersecurity training (at whatever cadence). 

Trainability separates out the leaders and the higher-level individual contributors from the people who aren't going anywhere. Trainability refers to two levels of your existence with different implications.

At a foundational level, people with higher levels of intelligence are better able to learn job-related information compared to people with lower levels of intelligence. People who are smarter are "trainable" in the sense that that intelligence correlates to the capacity to acquire job-related information. 

Much as we discuss how dogs are "food-motivated" when it comes to learning things, the importance of trainability in your life is your motivation to acquire training and apply what you learned. 

We've enjoyed reading a new 2025 meta-analysis by Wijga, Beausaert, & Kyndt entitled What drives workplace learning: a systematic review of key antecedents. Wijga et al reviewed 73 studies of the drivers and facilitators of how and why people engage in professional development. Some key findings included:

• people with more education sought out more professional development
• early-career and near-retirement personnel were less likely to seek more professional development
• women were more likely to engage in learning from colleagues and seek feedback from supervisors

Then there were personal characteristics. Here is a lengthy quotation from Wijga et al (p. 99, text modified to remove citations):

Learning orientation stands out, encompassing factors such as learning goal orientation, self-directed learning orientation, promotion and prevention focus and mastery and performance approaches. These orientations determine how individuals approach learning tasks, whether with a focus on mastery, self-improvement or performance. For instance, individuals with a strong learning goal orientation and self-directed learning orientation were consistently found to engage more in workplace learning activities, particularly those that involve self-regulated learning and seeking feedback. In addition, intrinsic motivation, motivation to learn and more specific career motivation were found to be positively associated with engagement in workplace learning. For example, employees motivated by intrinsic factors or career aspirations were more likely to seek feedback, share knowledge and stay updated with the latest developments in their field.

We have previously referred to this as "rage to master" but call it what you will, you will learn if you feel a need to do so. You say, So what? We say, If you're already pretty smart -- and in cybersecurity we think you're pretty smart -- you will win if you have a need to learn and then the capacity to apply what you learn. And, if you don't do both, you will lose.

We note here that employers are wasting money if they do not engage their employees in mastering cybersecurity. Employees who want to master their craft will choose to work for organizations that enable mastery. If you as an employer hire people who don't want to learn, i.e. are not trainable, then you will have a cyberworkforce of mediocre technologists.

Trainable people want to learn, they have the capacity to learn, and they learn how to apply what they learn.

How about you?

Ask us how you can get the right trainability mindset and training you need to deliver the value your organization needs.