Training

Contact Vanderbilt Cybersecurity

Cybersecurity is a shared responsibility and Vanderbilt University community members are the first line of defense. Training is an important aspect of making sure that all are aware of cyber threats, the risks their actions introduce, and best practices for protecting themselves and the institution.

Vanderbilt offers 2 types of cybersecurity training, online and in-person.

  • Online training is provided through our training partner, KnowBe4. It includes videos, games, and click-thru slides on topics such as phishing, encryption, working remotely, and more. Curated course examples:
FoundationalEnhanced - Sensitive data
Compliance
The basics:
• social engineering
• phishing
• passwords
• malware, and more		Advanced topics:
• insider threat
• data privacy
• spear phishing, etc. 		Specific topics:
• CUI
• GLBA, etc.
For allFor sensitive data accessFor regulatory compliance

More online topics and options are available upon request.

  • In-person training is an instructor-led session that can be tailored to cover topics of your choice.

FAQs

  • Who is assigned?

    Foundational Training is assigned to staff with the exception of a few sub-populations (e.g., union, guest services, VTS). All others are highly encouraged to take this training.

    Enhanced Training is assigned to specific individuals that have access to sensitive data. For example, researchers participating on a DUA project.

    Compliance Training is assigned to those with access to or responsibility for data that is governed by law or regulation.

    When an assignment is made, all trainees are notified by email.

  • When is it assigned?

    Foundational training is assigned to new employees ~ 2 weeks after their start date. Existing employees are assigned annual refresher training every 12 months.

    Other courses are assigned when specific criteria is triggered, such as a new researcher is added to a DUA project.

    Once enrolled, trainees receive an email notification that contains details for logging in and the due date.

  • Is completion required?

    Assigned cybersecurity awareness training is required to comply with federal regulations and our VU Security Training Standard.

    It is the trainee's responsibility to complete training within 30 days. The Office of Cybersecurity is authorized to impose overdue sanctions until training is complete (e.g., notifying a trainee’s supervisor, mandatory password reset(s), withholding access, etc.).  

  • How can I view the completion status of my direct report employees?

    If you are a manager, you should see 2 dashboards when logged into the training platform. Toggle from My Dashboard to Team Dashboard to view the status of any direct reports. If one of your direct reports is also a manager, the Select a Team section allows you to choose which team you want to view on the Team Dashboard. Training status can be found by navigating the various tabs: Training Overdue, Training Due Soon, and Completed Training.

    Note: Using the "view all" section can be misleading. It will show completion % of all training ever provided, even optional training.

    Team dashboard

  • I am a BUE Approver. How do I pull completion reports in the KnowBe4 console?

    Business Unit Entity (BUE) Approvers and other unit leaders have administrative access to the KnowBe4 console. They can view completion results for their unit in the "Reports" tab.

    Navigate between the admin console and your training dashboard:

    1. Click your name or email in the upper right corner
    2. Select "Return to Console" or "My Training"

    Pulling training reports:

    1. From the admin console:
      1. Click the "Reports" tab
      2. There are 2 report types available. They are different views of the same data.
        1. Training Activity (Grouped by User)
        2. Training Status by Campaign
    2. To narrow on 2025 Foundational Training:
      1. Training Campaign: "2025 Foundational" AND "2025 Security Policy"
      2. User Group: Your business unit
      3. "Manage Columns" to add or remove data fields (not available on all report types)
      4. Export as PDF or CSV
    1.  
  • Can I request an exemption?

    An individual may be precluded from required training if they have taken comparable awareness training elsewhere or have a valid security course certification (e.g., Security+, SANS GSEC, etc.).

    Proof of completion must be submitted to and granted by the Office of Cybersecurity. Requests may be submitted by ticket.

  • Who do I contact if I have questions or have issues?

    Contact it.risk@vanderbilt.edu or submit a ticket get troubleshooting help.

  • I keep getting overdue notifcations but I completed training.

    Contact it.risk@vanderbilt.edu or submit a ticket. This team can check your training history and profile status. If a system error has occurred, they can also assist with correction.

question icon

Not sure how to start?

Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.

Get Security Help