Cybersecurity is a shared responsibility and Vanderbilt University community members are the first line of defense. Training is an important aspect of making sure that all are aware of cyber threats, the risks their actions introduce, and best practices for protecting themselves and the institution.

Vanderbilt offers 2 types of cybersecurity training, online and in-person.

  • Online training is provided through our training partner, KnowBe4. It includes videos, games, and click-thru slides on topics such as phishing, encryption, working remotely, and more. Curated course examples:
FoundationalEnhanced - Sensitive data
Enhanced - IT Admin
The basics:
• social engineering
• phishing
• passwords
• malware, and more
Advanced topics:
• insider threat
• data privacy
• spear phishing, etc. 
IT specific topics:
• help desk
• privileged access, etc.
For allFor sensitive data accessFor technical roles

More online topics and options are available upon request.

  • In-person training is an instructor-led session that can be tailored to cover topics of your choice.


  • Who is assigned?

    Foundational Training is assigned to staff with the exception of a few sub-populations (e.g., union, guest services, VTS). All others are highly encouraged to take this training.

    Enhanced Training is assigned to specific individuals that have access to sensitive data. For example, researchers participating on a DUA project.

    IT Admin Training could be assigned to those with a technical role such as a system administrator.

    When an assignment is made, all trainees are notified upon by email.

  • When is it assigned?

    Foundational training is assigned to new employees ~ 2 weeks after their start date. Existing employees are assigned annual refresher training every 12 months.

    Other courses are assigned when specific criteria are triggered, such as a new researcher is added to a DUA project.

    Once enrolled, trainees will receive an email notification from our training platform, KnowBe4. It will contain details for logging in and the due date.

  • Is completion required?

    Assigned cybersecurity awareness training is required to comply with federal regulations and our VU Security Training Standard.

    It is the trainee's responsibility to complete training within 30 days. The Office of Cybersecurity is authorized to impose overdue sanctions until training is complete (e.g., notifying a trainee’s supervisor, mandatory password reset(s), withholding access, etc.).  

  • How can I view the completion status of my employees?

    If you are a manager, you should see 2 dashboards when logged into the training platform. Toggle from My Dashboard to Team Dashboard to view the status of any direct reports. If one of your direct reports is also a manager, the Select a Team section allows you to choose which team you want to view on the Team Dashboard.

    Team dashboard

  • Can I request an exemption?

    An individual may be precluded from required training if they have taken comparable awareness training elsewhere or have a valid security course certification (e.g., Security+, SANS GSEC, etc.).

    Proof of completion must be submitted to and granted by the Office of Cybersecurity. Requests may be submitted by ticket.

  • Who do I contact if I have questions or have issues?

    Contact or submit a ticket get troubleshooting help.

question icon

Not sure how to start?

Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.

Get Security Help