This article was published by Trineo before our teams became one.
Using Slack, Trineo built an internal Knowledge Bot to promote the widespread adoption of our security-conscious culture with gamified continuous training.
At Trineo, security awareness and continuous training is core to our nature. Widespread, persistent knowledge and sharing of best practices mitigates risks for both our company and our customers.
Beyond the legal requirements to provide security training to our staff, there are ethical and reputational considerations for any business to consider when trusted to provide a high standard of care for millions of data points.
It can be tricky to ensure that everyone maintains knowledge of security practices as they change over time and as businesses scale and grow. Annual training has many drawbacks: Can you remember all the details from your last training? What about if it was part of many onboarding modules? Did you actually understand the protocols? Is annual training enough of a refresher to reduce as much risk as possible?
So we thought, what if, rather than one training session per year, we verified your knowledge through a single multi-choice question on Slack delivered every few weeks? Something that was educational but also engaging and more importantly fun.
The pursuit of these questions led to our prized Knowledge Bot.
Trineo was seeking to create a continuous learning tool to uphold our commitment to a security-conscious culture.
As our teams grow and security protocols evolve, how do these processes scale? How do we encourage adoption and understanding? How do we verify that understanding? Most importantly, how do we preserve our culture while we do it?
In order to become “security-conscious”…
- We must embrace a security culture
- We must build a shared awareness of the risks and opportunities
- We must build the capabilities to meet those risks: the knowledge and the processes
- Finally, we must put those capabilities into action: that is practice
Ask Trineos to answer at least one security question per month to meet our goal of continuously verifying security knowledge. With our Knowledge Bot, we aim to:
- Train and maintain knowledge of essential practices and processes
- Provide insights into the skill level and understanding across different subjects
- Improve our onboarding experience
- Reduce routine training costs
The Knowledge Bot is a Slack application that occasionally sends you a quiz question. Because it’s in Slack, it’s simple to respond to the question with the click of a button, and then carry on about your day.
The Knowledge Bot was built using Bolt and TypeScript, and runs in our single workspace using Socket Mode.
How it works
When you first start engaging with Knowledge Bot, you get a question every day or two. As your skill increases, there are longer gaps between questions. At the highest skill level, you’re only getting one question every two weeks to maintain your knowledge.
To provide encouragement, you get feedback on correct and incorrect answers. Each question comes with a link you can read to learn more if you’re not sure. The current streak and total questions answered are displayed in the app.
Knowledge Bot is polite. It will only send you questions in your desired work days and hours (9 to 5, Monday to Friday by default). It won’t send you a message out of hours, for example at 3 a.m. on a Saturday. You can always snooze questions if you’re going on leave or want a break.
Behind the scenes, an admin interface provides insights such as:
- How long since each person answered a question
- The distribution of skill levels throughout the company
- Leaderboards (most questions answered in the last 30 days) and streaks
- What percentage each question is answered correctly
When rolling out a new initiative, you can add new questions to educate staff members. You can even add whole new topics that target specific Trineos based on their role or group. The level of understanding can be measured as a key performance indicator or serve as the target for key results.
Launched in February of this year, we’re pretty proud of our trusted Knowledge Bot. We’re excited to see our people embracing our commitment to a security-conscious culture through continuous learning - and having a little fun as well!
A survey of the beta test of 30 users showed overwhelmingly positive results:
- 86% say it has made them more security-conscious
- 100% say they like the questions and think they’re the ones we should be asking
- 93% say it’s important to continuously verify our knowledge rather than annually
- 93% say it fits Trineo’s culture and values
- 100% say it would be useful and suitable for new hires
We’re now rolling the Knowledge Bot out company-wide, with about 50% of Trineo enrolled as of this posting. As adoption grows we’ll be able to measure a significant cost reduction in manual training as well as a higher level of retention and engagement.
From here we intend to extend the use of Knowledge Bot beyond security protocols. Up next is to incorporate modules for our new hire onboarding opening it up to multiple practices to contribute content in the future.