Microlearning
Short, focused learning units — typically 30 seconds to 3 minutes — that fit inside the working day and survive the forgetting curve.
Microlearning is the design pattern of breaking training into short, single-objective units that a learner can consume in under three minutes. It contrasts with the traditional 30-to-90-minute compliance module: instead of one long event, the same content is delivered as a sequence of small ones, spread across days and weeks.
The format is not new — the term predates the SaaS era — but it became operationally relevant for security teams once two things were true: training had to compete with Slack and email for attention, and the forgetting curve made annual modules visibly ineffective. Microlearning is the unit size that makes spaced repetition viable for an adult workforce that will not log into an LMS voluntarily.
Defining properties:
- One objective per unit. A microlearning piece teaches one concept (e.g., “verify supplier IBAN changes by a callback to a known number”), not a chapter.
- Sub-3-minute completion. Long enough to convey a scenario; short enough to fit between two meetings.
- In-channel delivery. Slack, Teams, Outlook — wherever the employee already is. No LMS login.
- Active recall, not passive video. The unit ends in a question, a choice, or a one-tap commitment, so it generates a recall event the brain can encode.
- Measurable per item. Each unit produces a discrete behavioral signal — answered/skipped/got-it-right — that aggregates into a behavioral KPI.
Done well, microlearning is the answer to the central paradox of security awareness: you need frequent exposure to beat the forgetting curve, but frequent 30-minute modules would destroy the workforce’s productivity. Done badly, microlearning becomes “the same boring slides, in smaller chunks,” and the employee learns to swipe them away. The difference is whether each unit is built around a real scenario the employee recognizes from their week, and whether the system pairs it with a nudge at the actual moment of risk.
Related terms
- Forgetting curve: Ebbinghaus's 1885 finding that newly learned information decays exponentially — the reason annual security awareness training fails.
- Spaced repetition: An evidence-based learning schedule that reactivates content at increasing intervals to counter the forgetting curve.
- Nudge: A small, contextual intervention that steers a person toward a safer choice without restricting freedom — the unit of work behind behavior-centered cybersecurity.
- Security Awareness Training (SAT): The legacy compliance-driven training category — annual e-learning modules and click-rate phishing tests — that Human Risk Management is now replacing.
- Behavioral KPI: A risk-team metric anchored on what employees actually do over time, not on training completions or click-rate on simulated phishing emails.