Developing a Security Mindset for TAC Engineers

View the course module below or launch it here.

Project Overview

Cisco Technical Assistance Center (TAC) engineers regularly troubleshoot complex network issues reported by enterprise customers. While many cases are legitimate configuration or performance problems, some may actually indicate early signs of a security breach. These indicators can be subtle and easily overlooked during normal troubleshooting.

This project focused on designing a short learning experience to help TAC engineers recognize potential security incidents during routine case handling. The course introduces the CIA security framework, common compromise indicators, and typical initial access vectors attackers use to infiltrate systems.

The design aligns closely with the existing TAC workflow, helping engineers understand where security awareness fits into their triage, analysis, and escalation process. Visual examples, concept explanations, and a real service request case study reinforce how these indicators may appear during actual support cases.

The final solution is a concise microlearning course that helps engineers develop a stronger security mindset when diagnosing customer issues and encourages earlier escalation to the appropriate security teams when suspicious patterns appear.

Audience

Cisco Technical Assistance Center (TAC) Engineers responsible for diagnosing and resolving complex network support cases for enterprise customers. These engineers already possess deep technical expertise, but may not always recognize subtle indicators that a reported issue could be tied to a security breach.

my role

Instructional Designer and Developer responsible for the end-to-end design and production of the learning experience. My responsibilities included:

Conducting stakeholder discussions to clarify the business need and desired behavior change
Defining learning objectives aligned to TAC escalation procedures
Structuring the course into a logical workflow that mirrors real case handling
Designing interactive elements to reinforce key security concepts
Developing the course in Articulate Rise
Creating knowledge checks to validate comprehension and decision-making ability

tools

Articulate Rise 360
Visual asset design and interaction configuration
Instructional design frameworks for microlearning and applied learning

deliverable

A self-paced microlearning course consisting of nine lessons that guide TAC engineers through:

The standard TAC troubleshooting workflow
The CIA security model (Confidentiality, Integrity, Availability)
Common indicators of compromise that may appear during support cases
Initial attack vectors used by threat actors
A real-world TAC case study demonstrating how security incidents can surface during troubleshooting
A knowledge check to reinforce escalation decisions and key concepts

The course was designed to be completed in approximately 10 minutes and integrates security awareness directly into the existing engineering workflow.

Explore the learning asset

This course demonstrates how instructional design can help technical experts develop stronger threat awareness within their existing workflows. By combining conceptual frameworks with realistic examples, the learning experience helps engineers detect potential security incidents earlier and escalate them appropriately.