An LMS is a learning management system. It is general purpose and can be used for any training topic. It handles content storage, use management, assignment of training, delivery and consumption of training, and reporting on training performance and completion

Security awareness is a form of training focused on security related topics. Oftentimes, security awareness as a category includes phishing simulations or phishing campaigns.

🤨 Bring Security Awareness into Your LMS

Both an LMS and security awareness are training platforms. Security awareness is a specific type of training. If an LMS is general purpose, why not just include security training in an LMS?

Some companies do this. They often bring their own security training content into an LMS. This does work if the goal is to simply deliver and track security training. But, this approach misses the fundamental difference between security awareness and the trainings typically done with an LMS.

👣 Security awareness is bigger than an LMS

One aspect of security awareness is traditional, lesson based trainings. This aspect of security awareness works well when integrated with an LMS. But, there are other features of a mature security awareness program and platform that do not fit into a traditional LMS. See below 👇:

1. Phishing Simulator.
2. Real-time threat alerts.
3. Policy Acknowledgements.
4. Security Surveys.
5. Risk Data (into a risk or security specific tool)

🤝 Run Security Awareness in Parallel with your LMS

The model we’ve seen most successfully implemented by the market is to run security awareness and an LMS in parallel. While more tools is never the goal, the differences between security awareness and a general purpose LMS are large enough to justify running alongside each other.

In practicality, there are usually different teams managing the LMS and the security awareness program and platform. This also makes running them in parallel easier to avoid any conflict and ensure the best of breed solutions are implemented across all of training.

🖇️ Integration Points between LMS and Security Awareness

Running security awareness in parallel with your LMS does not mean running security awareness and an LMS in silos. When we work with companies that have an existing LMS, which is most of our customers, we often integrate with the LMS. This can be users, groups, managers (for reporting and notifications), and results.

Most modern LMS platforms have APIs. And Haekka has an API. When this is the case, integration is easy and sometimes self service for our customers. If there’s no API for the desired integration, custom integrations are easy since the data moving back and forth between the systems is not complex.

🌟 Prioritization and Perception

One consideration for security awareness vs LMS, independent of the reasons given above 👆, is the perception of security, in particular the perception of the priority of security. We’ve seenLMSs fall significantly short of the goals that security awareness leaders and teams have for them. This is because LMSs do not have the features requires to operate a fully mature security awareness program. In these cases, security awareness feels like it’s bolted on, and users sense this too.

Run security awareness in parallel with your LMS, ensure they are integrated, and you can provide the best experience for managers and users.

‍