top of page

Undercover Manager Activities

Chapter 6: Training and Developing Employees

Click on the acitivity link below to jump to the content

6.1 Learning from Mistakes

6.2 Employee Cybersecurity Training

Undercover Manager 

Activity 6.1 

Learning from Mistakes

Chapter 6 (Training and Developing Employees) introduces the idea of a “learning climate” – a climate that encourages employees to embrace learning wherever it happens (in the context of a formal training program or informally on the job). In a learning climate, employees are not afraid to take risks and learn from their mistakes.

Start this activity by recalling (in as much detail as possible) a specific example of a mistake made in your organization. It might be your own mistake or a mistake made by a subordinate or coworker. How did the organization respond to the mistake (With a punishment? With a celebration?) and what impact did that response have on the employee (Did the employee become more risk-averse or more proactive?).

Few organizations have given much thought to learning climates, so it’s not surprising if the mistake generated disapproval, embarrassment or awkwardness. Only a handful of organizations actively cultivate a learning climate through physical features (e.g., “failure walls” that encourage employees to publicly acknowledge their mistakes) or rituals (e.g., celebrations of the shared learning that resulted from an individual’s mistake). But what can you do, in your managerial role, to develop a learning climate in your organization? For example, activities like after action reviews (Box 6.1) can normalize discussing mistakes in the open, reframe mistakes as opportunities, and identify the conditions (time pressures or conflicting priorities) that lead to mistakes. You might like to return to this activity when you read Chapter 11 (Developing an Inclusive Workplace), because the psychological safety that employees experience in a learning climate can also support an inclusion climate.


Embracing mistakes:

Laker, B. (2023, January 5). Embracing mistakes to build a learning culture. MIT Sloan Management Review.  

Timms, M. (2022, February 9). Blame culture is toxic. Here’s how to stop it. Harvard Business Review.  


Undercover Manager 

Activity 6.2 

Employee Cybersecurity Training

The material covered in Chapter 6 (Training and Developing Employees) can be applied to a whole range of training programs. This activity focuses specifically on employee cybersecurity training. Employers are becoming increasingly concerned that employees may fall victim to cybercrimes (e.g., phishing scams, spyware or ransomware installation) or leave the employer vulnerable to security breaches. In response, employers are offering cybersecurity training designed to help employees recognize and resist security risks. Unfortunately, surveys suggest that employees are more likely to “endure” their employer’s cybersecurity training rather than fully “engage” with it. Employers are experimenting with innovative ways to get employee attention (but not always getting the response they want!). The articles in this activity’s resource list contains some examples. 

In this activity, you will learn about your organization’s approach to cybersecurity training and your role in making that training effective. We recommend that you reach out to your IT team and talk to them about any cybersecurity training challenges they are experiencing (e.g., a lack of take-up, or insufficient learning). In our experience, IT teams are usually happy to accommodate these types of requests. The conversation is a useful review for the IT team, and you may be able to add local IT managers to your “kitchen cabinet” (see UM 1.1 Kitchen Cabinet).

You will see that the organizations in the resource articles are taking diverse approaches towards cybersecurity training. Try describing their training programs in terms of their different training content, instructional principles and methods (covered in detail in Chapter 6). You can also reflect on your own learning about cybersecurity – did participating in your organization’s training help you to identify changes you need to make to your own routines? How can you ensure that cybersecurity becomes a habit in your daily work? 

However, the real value of this activity results from identifying ways that you could make cybersecurity training more effective for the employees you manage. Managers play key roles in identifying employees that need the training, motivating employees to engage with the training, and encouraging transfer of training. Identify behaviors you could use to ensure that your employees learned – and applied – your organization’s training. The more specific you can be about those behaviors, the better!


Cybersecurity training initiatives:
Kwai, I. (2021, May 13). Train workers’ Covid bonus offer turns out to be a phishing test. The New York Times.
Renaud, K. (2020, December 7). Why companies should stop scaring employees about cybersecurity. The Wall Street Journal. 
Walsh, R. (2023, November 25). The power of storytelling in cybersecurity training. The Wall Street Journal. 


bottom of page