Improve Security Awareness through Coaching

Coaching for Security Awareness Performance Within Teams

Coaching principles are very often the backbone of the Leadership style of a high-performance culture to which any organisations aspire. There are many significant benefits to a coaching culture which seeks to bring employees along a journey with an organisation rather than a tell follow approach.

Coaching principles have effectively been applied in many organisations to deliver team performance, lean performance and health and safety performance. My question is how can we apply coaching principles to improve Security Awareness performance?

In Sir John Whitmore’s ‘Performance Curve’ focuses on how the prevailing culture of an organisation creates the conditions for high performance. The greatest influencers of that organisations culture are the Leaders within that organisation. The performance curve is used to evaluate the prevailing mindset within an organisation or team so that you can make decisions about making changes where needed. Through coaching Leaders and Manager can create a culture and engage and empower team members directly in security awareness and performance.

Companies like Linde AG have successfully applied this model and coaching principles to improve Health and Safety performance by over 73%. Large multinationals like Medtronic have placed coaching skills at the centre of Lean to improve performance.

The key to the successes in these companies lies in the approach to implementation and placing relationships and people at the centre of the process improvement. On the performance curve the focus is on true interdependence leading to high performance.

How to Introduce Coaching Principles

  1. What is the Goal?

What is the overall challenge the team or organisation wants to strive for. Identifying the overall challenge will help teams connect to shorter term targets and goals which in turn focuses efforts and allows the team to work efficiently in achieving it.


  1. What is the current reality?

Finding out the current reality is essential in IT Security and Coaching for Performance. In security terms this means understanding the current level of work and practises in this area. It is important to ensure nothing is hidden and everything is put on the table. This includes any bad practises or which have developed over time eg; password sharing. From a coaching perspective this is involving the team and getting their perspective on the current reality rather than working from assumptions or habits.

Using powerful questions based on Who, What, Where, How and When will help get to the route of the challenge and raise levels of awareness the starting point of improved performance.

Some inciteful questions might be?

What do we currently do when we discover a possible data breach?

How do we learn from mistakes?

What does good look like?

What are we doing well as a team?


  1. What are our options?

Only when you have truly examined the current state of your IT security and awareness culture can you start to move into options available for improve performance and actions arising from same.

When applying coaching principles to improved performance the key to success lies in how teams are moved from a comfort zone to a learning zone. Improving our security practises and awareness first requires an honest assessment of where we are currently at and then a focus on where we want to be and what are the options to get there. This will require a change in the way we do things and teams being supported and challenged to take steps into the unknown.

In making a change and teaching team members a new way of doing things there are 2 approaches to learning; instructing a staff member about how not to do things which encourages a dependant culture and coaching which fosters an interdependent culture. The team’s ability to perform does not depend only the individual talents and skills of team members but on the way those members work together and the degree to which they share objectives, a common purpose and responsibility.


  1. What will we do?

Once the reality of the current culture of security awareness is clear and options have been presented within teams a plan can be put in place. Accountability is in place and the big picture goal is clear so that if any challenges arise quick decisions can be made.

A non-judgemental approach to checking in on progress with teams is essential to generate high quality feedback and maximum learning.