Careful what you say!

As a trainer, it is important to be aware of what you are saying and writing. It seems to me like everything a trainer says, is accepted almost without any questioning from the participants.

A while back, I gave a training on computer security (which is what I tend to do). The participants where normal people, with only a basic level of computer knowledge. At this particular training, I wanted to use an assistant trainer so he could learn how to teach this stuff.

My assistant did very well indeed, explaining about virus, spam and bot-nets. He even managed to get the basic message through to this crowd - that security is about your own behaviors. And he also handled questions very well. Until one point, when a participant asked:

When I do trainings, I usually never answer that question directly. There are many reasons, one being that when an authority (like a trainer) starts to reply directly to such questions, many in the crowd will actually download and use that particular tool. Another reason is that the need is highly personalized - someone might need a full security solution, while others only need a small footprint AV-client. For me, being a professional security adviser, it is not a good idea to stand on the stage and say you should use one tool in particular. And - another reason is making errors - wich is perfectly human, but still embarrasing...Read on!

Anyway, my Assistant did not have this experience yet, so he answered:

And for sure, the followup question came:

And my assistant wrote and URL on the white-board. And please note the spelling:

If you happen to know Kaspersky, and know the correct spelling, you would most likely ask about the correct spelling. But since these participants did not know, they typed the URL, and hit enter. When you do that today (august 2008), you reach a search page only. But back in April 2008, you entered a false download page tricking you to download a security tool that would install a bot-net (in other words - it made you believe you where secure, while your computer in fact where hijacked by hackers).

At this particular training, I decided that the risk was small, and allowed the participants to experiment (we where using a lab setup with high level of security). The result was confusion at the start, before they (to my amusement) decided that the software was good, and their level of knowledge was at fault. Thus, they continued try.

After a while, I interrupted and told them the correct spelling of Kaspersky Antivirus , and told them to compare the two websites.

They where amused. My assitant a bit embarrased - not for the spelling error - but for insisting he had it right!

The point is that when you are doing a training, writing an article, or in any other way representing yourself, your company or an organization, make sure that you are right. And make sure BEFORE you enter the stage!

training, security, error