Cyber Awareness training

The University of Waterloo’s Information Systems & Technology’s Information Security Services (IST/ISS) provides a cybersecurity awareness training program to strengthen the University’s security posture. This training ensures that all individuals accessing University information systems are equipped with the necessary knowledge to recognize and mitigate security threats.

Who needs to complete the training?

All employees (Staff & Faculty) of the University of Waterloo community who access university information systems and data. This includes graduate students, visiting scholars, research fellows, co-op students, and any other casual or temporary employee or contractor who has access to information in the custody of the University of Waterloo.

Note: All individuals listed will be called "participants" on this webpage.

Training frequency

  • Initial Training: Completed during onboarding.
  • Annual Refresher Training: Required for continued compliance.
  • Targeted Training: May be assigned after security incidents or system updates.

Course offerings

Course: Cyber Awareness Essentials

Developed by: SANS Institute

Length: 30 minutes

Audience: Everyone

Topic: Introduction to Cyber Security

Description: This introductory course delves into the topic of cyberattacks that exploit human vulnerabilities to bypass technological defenses and gain access to sensitive data and information. However, with the right knowledge and awareness, individuals can identify and report signs of potential attack. Through this course, learners will be encouraged to develop a strong cyber shield and improve their cyber-detection skills, both while working on campus, at home or in their everyday lives.

Course: Cyber Awareness for Knowledge Workers

Developed by: SANS Institute

Length: 20 minutes

Audience: Knowledge Workers

Topic:  Privacy and Data Security

Description: This course, specifically designed for knowledge workers, offers a comprehensive overview of the importance of safe data-handling practices and privacy principles throughout the data lifecycle. Learners will gain a deeper understanding of the critical role security controls such as encryption play in protecting sensitive information from advance targeted attacks. By completing this course, knowledge workers will be better equipped to navigate the complex landscape of data security and privacy.

Course: Safeguarding your research

Developed by:  Government of Canada

Length: 45 minutes

Audience: Researchers

Topic:  Introduction to Research Security

Description: This introductory research security course emphasizes on the need to balance research openness with necessary protection, considering the potential uses of the research and the lengths to which others may go to acquire it. The course provides a deeper understanding of why research security matters and empowers learners to recognize potential risks and develop effective mitigation tools and strategies in collaboration with institutional or expert support. This course provides a valuable foundation for anyone involved in research and emphasizes the importance of a proactive and strategic approach to research security.

Course: Cyber Security for Researchers

Developed by: Innovation, Science and Economic Development (ISED) Canada and SANS Institute

Length: 45 minutes

Audience: Researchers

Topic:  Introduction to Research Cyber Security & International Travel  

Description: This introductory research cyber security course offers a comprehensive overview of the current cyber threat landscape, providing valuable insights and practical advice on how to maintain good cyber hygiene practices while working or traveling internationally. By completing this course, participants will be equipped with the knowledge and tools necessary to recognize and implement the systems and practices required to ensure the safe handling, storage, and transmission of sensitive research data. Learners will gain a deeper understanding of the importance of cyber security in the research field and how to best protect themselves and their valuable data.

Additional training & Accessibility

You may also be interested in:

All training is designed to meet accessibility standards, including transcripts for all videos and alternative formats for quizzes (available upon request).

How to access the course offerings

Training is delivered online through Waterloo’s Learning Management System LEARN, which requires participants to log in using their WatIAM credentials.

To register

  1. Visit LEARN to self-register for these courses.
  2. Select the self-registration option.
  3. Scroll to select the desired course and follow the registration. 

Tracking and reporting

  • Training completion is recorded in LEARN and integrated with Workday for tracking.
  • Leadership can monitor compliance through Workday reports.

Training help

Training FAQs

How do new participants find out about this mandatory training requirement?

It is the hiring managers' responsibility to ensure their new employees are aware of the mandatory cybersecurity training courses. Participants are required to complete the assigned cyber awareness training courses annually. They will receive a notification via LEARN when training needs to be refreshed

How do I register for a LEARN course?

How often do I need to complete cyber awareness training?

You are required to complete the core cyber awareness training courses annually. You will receive a notification via LEARN when your training needs to be refreshed.

What is the consequence if employees do not complete the courses on an annual basis?

Like any mandatory training, completion of necessary courses is a job requirement, and enforcement is up to supervisors/managers. 

Do students (Grad/Undergrad) need to take these modules as well?

Only students (Grad/Undergrad) who are employed and/or in a co-op placement with Waterloo should complete the training. Graduate students actively involved in teaching should complete the two cyber awareness courses and those involved with research should also complete the two research training courses.

How do I view my grades and awards in LEARN?

Viewing grades: While logged into LEARN and in the desired course, click “Grades” in the top menu. 

Viewing awards: While logged into LEARN and in the desired course, click “Resources” in the top menu, and select “Awards” from the drop-down menu.  

How do I view my training record in Workday?

  1. Login to Workday using your WatIAM credentials. 

  1. Click on the Profile icon in the top right corner. 

  1. Click on the ‘View Profile’ button. 

  1. Click on “Career” in the blue menu on the left, you may need to click ‘More” to see the “Career” option. 

How do I prove that I completed the training?

Participants will earn a LEARN Award upon completion of the training. They will also receive an email confirmation, and completion will be recorded in Workday if they have a Workday record. A screenshot is not required to prove completion, but participants may take one if they wish to keep a personal record.

Leadership FAQs

Which cyber awareness courses should my staff take?

Cyber Awareness training

  • Cyber Awareness Essentials : All Employees: staff, faculty, contract, full-time, part-time, etc.
  • Cyber Awareness for Knowledge Workers: All Employees, staff, faculty, contract, full-time, part-time, etc. that work with UWaterloo information. Examples of employees that could be exempt are custodial services, food services, grounds services, etc.

Research Security training

  • Cyber Security for Researchers: All Employees, staff, faculty, contract, full-time, part-time, etc. that work with UWaterloo research data or support researchers
  • Safeguarding your Research: All Employees, staff, faculty, contract, full-time, part-time, etc. that work with UWaterloo research data or support researchers.

What is my obligation to ensure my staff are completing training?

Managers are responsible for ensuring that all new employees complete the required cyber awareness training upon hire. Managers should also verify that all their direct reports have completed their annual training. Managers will receive a reminder each year in October to facilitate this review

How will I know when staff have completed their training?

Completion of all four cybersecurity courses is automatically tracked and recorded for employee compliance in Workday. Management can view confirmation within 48hrs of the employee’s completion.

How do I view an individual staff's training record in Workday?

  1. Login to Workday using your WatIAM credentials. 

  1. You will see a list of your reports. 

  1. Click “Team Highlights” 

  1. Click the employee’s name. 

  1. Click on “Career” to see your staff’s training record.  

How do I access my team's training report in Workday?

Your access to reports and the ability to view other’s training records will depend on the reporting structure defined in Workday. Managers and timekeepers can view the report in Workday by typing My Team's Learning Transcript in the main search bar. Alternatively, new report has been created in Workday called UW Mandatory Training. This report will allow Managers to see their direct reports as well as their report's subordinates. 

Accessing reports

There are three ways to access reports available to managers and timekeepers:
  1. From the Workday homepage, select View All Apps to click the Manager Reports application.
  2. Search Manager reports in the main Workday search bar and select from the list of search results.
  3. Type the report name UW Mandatory Training in the main Workday search bar. 
To run the report, the Manager will need to select the organization they would like to see and then check whether they want subordinates included. You can use your own name, the sub org manager's name or the organization name to find the organization you would like to view.  
Organization field
Organization field with manager name

Important notes

  • Reports cannot be delegated. Most reports can be downloaded to Excel so you can share them if appropriate.
  • If someone other than a Manager is tracking the training completion it would be the Manager's responsibility to share the reports with the employee being tasked with the job. 
  • If these reports do not fulfill your reporting requirements, please send an email to DL-ist-securityawareness@uwaterloo.ca with as much detail as possible and we can explore different options to attempt to fulfill the business need.  

Additional resources

Cyber Awareness training

Research Security training

The Information Security Services Team in IST is available to assist researchers with developing cybersecurity plans. To start the process, PIs should complete IST’s Information Risk Assessment Intake Form for Research Initiatives. Questions may be directed to ist-researchsecurity@uwaterloo.ca.

Report a cyber event

To report a suspected cyber event, contact the SOC (Security Operations Center) as soon as possible after discovery by sending an email to soc@uwaterloo.ca or by calling +1-519-888-4567 ext. 41125.