Training

What is this service?

Cybersecurity is a shared responsibility and Vanderbilt University community members are the first line of defense. Training is an important aspect of making sure that all are aware of cyber threats, the risks their actions introduce, and best practices for protecting themselves and the institution.

Vanderbilt offers 2 types of cybersecurity training, online and in-person.

  • Online training is provided through our training partner, KnowBe4. It includes videos, games, and click-thru slides on topics such as phishing, encryption, working remotely, and more. Curated course examples:
FoundationalEnhanced - Sensitive data
Enhanced - IT Admin
The basics:
• social engineering
• phishing
• passwords
• malware, and more
Advanced topics:
• insider threat
• data privacy
• spear phishing, etc. 
IT specific topics:
• help desk
• privileged access, etc.
For allFor sensitive data accessFor technical roles

More online topics and options are available upon request.

  • In-person training is an instructor-led session that can be tailored to cover topics of your choice.

When do I need the service?

All community members should have a baseline understanding of cyber risks and best practices. Target audiences include faculty, staff, and post docs.

How to request the service

Individuals with a required training assignment will be auto-enrolled and notified via email. To access assignments, login to KnowBe4.

Contact it.risk@vanderbilt.edu or submit a ticket to request in-person training or get troubleshooting help.

FAQs

  • Why does security training look different from previous years?

    Vanderbilt's cybersecurity training was recently migrated to a 3rd party partner, KnowBe4. All security trainings will be taken online via their portal.

  • Who is assigned?

    Most staff are assigned Foundational Training with the exception of a few sub-populations (e.g., union, guest services, VTS).

    Trainees are auto-enrolled in Foundational Training if it's been more than 12 months since their last completion. For example, a new hire that has never taken training. An individual that completed training in July 2022 will not be enrolled until July 2023. At that time they will receive an email notification about the assignment.

    All other VU community members are strongly encouraged.

  • Is training required?

    Training is required once assigned. An email notification is sent directly to the trainee when a required assignment is made.

    Foundational: required for most staff *, strongly encouraged for all others

    All required trainings must be complete within 30 days of assignment.

  • How frequent is training?

    Foundational Training is an annual requirement to protect Vanderbilt's reputation and to comply with regulations.

  • How can I view the completion status of my employees?

    If you are a manager, you should see 2 dashboards when logged into the training platform. Toggle from My Dashboard to Team Dashboard to view the status of any direct reports. If one of your direct reports is also a manager, the Select a Team section allows you to choose which team you want to view on the Team Dashboard.

    Team dashboard

  • Can I request an exemption?

    An individual may be precluded from required training if they have taken comparable awareness training elsewhere or have a valid security course certification (e.g., Security+, SANS GSEC, etc.).

    Proof of completion must be submitted to and granted by the Office of Cybersecurity. Requests may be submitted by ticket.

question icon

Not sure how to start?

Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.

Get Security Help