How Cybereason Designs Courses for Customer Software Training

Customer Spotlight: How Cybereason Designs Courses for Software Training

For a change, Cybereason had a good problem to solve. This leading cybersecurity software company is in the business of solving security problems by detecting and preventing virtual attacks. They offer endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services.

Over the last 18 months their customer base has grown rapidly and they’ve had more security analysts than ever ready to use their software. To meet this growing customer demand, it was time for Cybereason to optimize their existing software training program and build it to scale.

To get things started, Cybereason partnered with Appsembler to host and manage their online training program using Open edX software to build courses, and Tahoe, Appsembler’s digital learning solution, to deliver Cybereason’s courses to their customers. 

Since Cybereason needed to roll out a dozen courses in 2017, their top priority was to ensure an efficient development process.

Cybersecurity training

Course Design for Cybersecurity Software Training – The Development Process

Their first step involved determining a course design that would capture learning design best practices and templatizing for all the courses. A consistent design would provide a unified learner experience as well as save time with course development.

“While taking an online course, we wanted the security analysts to be active learners at least 50% of the time by applying their knowledge and using the software,” said Mark Hoeber, Director of Training and Enablement at Cybereason.

Ultimately, Cybereason wanted the course design to achieve the following:

  • Provide succinct lessons so learners can focus on one specific topic at a time
  • Test their understanding before progressing to the next topic
  • Practice using the software, and ask questions along the way

Given these goals, Cybereason mapped out the content to generally follow this structure:

  • Main Topic (Section): Contains 3-6 Subsections or Lessons
    • Lesson (Subsection): Contains 1 lesson. Each lesson contains the following content (Units):
      • Video: These are short videos, around 3-4 minutes each. The video content varies depending on the lesson, and can showcase an instructor, PPT presentation, or show recorded actions from Cybereason’s software.
      • Check for UnderstandingThis is an ungraded assessment with 1 – 2 questions designed to verify that the learner understands the content.
      • Virtual Training Lab: This is the space where security analysts can get hands-on with the Cybereason software and practice what they have learned.
    • Graded Assignment (Subsection): Contains one graded assessment that covers the content within all the lessons of the main topic.
    • Discussion Forum (Subsection): Contains a forum soliciting learner feedback on the course.

In the below example from a Cybereason course, there are 5 lessons within the Account Administration Section a Discussion Forum and Knowledge Check. This design is consistent throughout the courses. The active learning component of the lesson is the software lab, where learners can practice the activity in a real-world environment. Currently, learners are redirected to the Cybereason software from the course, and the next development stage is to provide personal labs for each learner directly in the course. This active learning component has been popular with the learners, as the NPS score is over 40% in the first 6 months of this initial course rollout.

In addition, the inclusion of moderated discussion forums within the lessons provides a way for security analysts to ask questions about the software and has created a space for an online community among Cybereason’s customers.

“Since transitioning from in-person training to the rich online capabilities of Open edX, we’ve been able to deliver training to hundreds of users, and more than 90 customers and partners, saving a significant amount of time and in travel costs alone,”

Mark Hoeber – Cybereason

Cybersecurity Software Training – What’s Ahead

So what’s next for Cybereason’s software training courses? Mark expects the courses will become even shorter, following a microtraining approach, to provide content more efficiently to Cybereason’s users. There are even plans to expand the use of their Tahoe platform to provide internal training for the growing number of their Cybereason employees. And that is another good problem for Cybereason to solve.

To learn more about Cybereason’s software training program, how they built a scalable learning machine, and their results to date, click here to read the full case study.

Want to learn more about how you can grow your software training program? Get in touch!

About the Author

Ildi Morris is an independent learning consultant with expertise in the edX platform, e-learning program, and course development for both corporate and educational organizations. Prior to being an independent consultant, Ildi worked as Senior Manager, Training and Partner Enablement at edX; Director of Training at FIS; and as a Design Consultant for Convergys Learning Solutions. You can contact Ildi at or on LinkedIn.