From coffee to continuing education in security

Digital security is no longer just a technical issue. Its success hinges on the behaviour of individuals within organisations. In the CAS Cyber Risk Awareness programme at ZHAW, experts Katja Dörlemann and Cornelia Puhze from Switch share their knowledge and experience of the 'human factor' in information security, thereby strengthening security culture in practice.

Text: Roland Eugster, published on 06. January 2026

Illustration of an open laptop — Technical measures and security guidelines alone do not provide effective protection against cyber attacks. This is why raising employee awareness is so important. Illustration: ZHAW

Key takeaways

The CAS Cyber Risk Awareness programme combines psychology, communication and computer science to provide a practical continuing education.
Switch experts Katja Dörlemann and Cornelia Puhze contribute their experience in the field of human-centred security as lecturers on this CAS programme.
The focus is on the «human factor» in order to encourage employees to play an active role in shaping information security.
Participants develop awareness measures that can be applied directly to their own organisations.
The second round starts on 20 February 2026, with applications closing on 20 January 2026.

People at the centre

The idea for the CAS Cyber Risk Awareness programme was born over a cup of coffee. In 2023, Katja Dörlemann and Cornelia Puhze from Switch discussed the increasing significance of the «human factor» in IT security with Nico Ebert from ZHAW. They quickly realised that there was a need for continuing education that focused on people. Technical measures and security guidelines alone are not enough to provide effective protection against cyber attacks.

Together with other experts from academia and industry, they designed a new continuing education programme from scratch. The result was the first CAS Cyber Risk Awareness programme, which started in March 2025 – and was very well received by participants.

Practical learning with impact

The CAS focuses on practical change, not dry theory. Participants work on specific projects from their own organisations. For example, in a secondary school, participants implemented an awareness project that encouraged teachers to lock their screens when leaving the room. Following the training sessions and the distribution of stickers and other small reminders, there was a lasting change in behaviour – a tangible result that improves cyber security in everyday life.

I think the CAS Cyber Risk Awareness programme is very successful, both in terms of content and thanks to the motivating lecturers. I will be happy to recommend this training course to others.
Simone Zemp
Co-principal and information security officer at the Hausen am Albis secondary school

Switch's expertise in the classroom

Katja Dörlemann and Cornelia Puhze draw on their extensive experience of security awareness at Switch in their teaching. Katja teaches the «Awareness Tools for Organisations» module, showing how targeted awareness campaigns are designed, implemented, and evaluated. Cornelia Puhze teaches how to systematically strengthen security culture and develop communication strategies for different target groups.

Together, they ensure that the CAS Cyber Risk Awareness programme not only imparts knowledge, but also empowers employees to embrace security as part of the corporate culture.

Working together for greater cyber resilience

Whether in schools, SMEs or universities, cyber risks affect us all. CAS Cyber Risk Awareness demonstrates how to generate enthusiasm for digital security and engage employees in the defence process.

The second course starts on 20 February 2026 at the ZHAW School of Management and Law in Winterthur. Registration closes on 20 January 2026.