Training? Do you mean culture shift? A spotlight on ARAG IT
What happens when cybersecurity training becomes structured, measurable, and aligned to real roles? ARAG IT shows how a fragmented approach can evolve into a program that drives both skills and culture.
A beautiful thing happens when training is customized, inclusive, and measurable. Nice-to-haves become game-changers, and things teams do become the culture of how they work and improve.
Ad-hoc is not a strategy
When we speak to teams about the concept of SOC maturity, we often hear about great efforts that haven't yet matured into programs. Without a program, scale and continuity become difficult, and training remains fragmented. And without that proper structure and guidance, engagement remains lackluster.
ARAG IT knew this firsthand. Before making a change, their security education ran on seminars when a topic surfaced and workshops when teams asked for them. Helpful in the moment — but impossible to scale across a 270-specialist organization spanning development, infrastructure, networking, and project delivery. Managers had no visibility into where skill gaps existed. Learning was discontinuous. And practical labs were too risky to run on-premises, where exercises could interfere with internal defenses.
Good intentions, no program.
📄 Want the full breakdown?
Download the 2-page case study to see how ARAG IT structured their program, rolled it out across teams, and measured skill development.
Purpose makes the program
Training needs to be relevant. It needs to cover what's important, make progression tangible, and meet learners where they are — often busy, time-poor, and unable to afford disengagement. That means no friction at the point of entry: hands-on practice that runs in a browser, in isolated labs, without requiring setup, access to production systems, or a window of uninterrupted time that busy practitioners rarely have.
ARAG IT built their program with that in mind. Rather than a one-size-fits-all course, they aligned learning paths to specific roles: foundational learning paths for interns and apprentices, SOC Level 1 labs and log-analysis scenarios for their SOC team, and pathways spanning foundations through to DevSecOps and Incident Response for technical teams. Paths were developed in collaboration with team leads and team experts, tested before they were ever made compulsory.
And because their workforce operates in both English and German, entry-level content was localized. German-language quizzes improved comprehension, broadened participation and built confidence for early-career staff who might otherwise have disengaged.
When training is aligned to roles, and reflects how those roles actually work. That's when the feedback becomes meaningful and when people show up.
Understanding performance through the lens of the business
Milestones become meaningful when they map to something real, and appropriate for auditing when they're evidenced, not assumed.
TryHackMe's analytics dashboards gave ARAG IT's managers visibility they didn't have before: completion tracked against defined milestones, progress quantified by pathway, skill baselines established and documented. For a team navigating EU NIS-2 directive expectations, those auditable records weren't a nice-to-have. They were the point.
"It helps us quantify the knowledge level on defined subjects. We assign a path; once it's completed, we know what the learner knows."
Aleksandra Dubovik, ARAG IT
But the most significant result wasn't a dashboard metric, but what happened around the training. Teams completing challenges together remotely. Colleagues meeting in dedicated on-site study rooms. Plans forming for "study-lunches,” informal sessions where people explore new content and talk through solutions over a meal.
The program didn't just upskill a team. It made cybersecurity part of how ARAG IT works.
That's a culture shift.
🎯 Build a structured cybersecurity training program
See how security teams use TryHackMe to create role-based learning paths, measure skill development, and run hands-on exercises without operational risk.