Facilitation over instruction¶

In Montessori practice, the adult’s primary role is observation. They watch what the learner is doing, notice where engagement is deep and where it is shallow, and intervene only to ask a question, introduce a new material, or adjust the environment. They do not narrate the correct solution. They do not hover. They do not redirect every deviation from the expected path.

For security teams, this is a significant departure from most training contexts, where the expert presents and the learner receives. It requires a different set of skills and a different understanding of what the facilitator is for.

What facilitation looks like¶

The facilitator in a Montessori-inspired security context spends most of their time watching: what the team is engaging with, where they are getting stuck, what they are skipping over, and what questions they are not asking that they probably should be.

The intervention when someone is stuck is a question, not an answer. “What assumptions are you making about the trust boundary here?” produces different thinking than “the trust boundary is misconfigured in line four.” The former develops the learner’s ability to interrogate their own model. The latter delivers a fix that may or may not transfer to the next problem.

The intervention when someone is going in an interesting direction is encouragement and possibly a pointer to something that will extend the exploration. “You’re noticing something real there. Have you seen how this behaves when the API gateway is involved?” is a facilitation move. “That’s not what this exercise is about” is instruction, and it kills the kind of curiosity that builds real capability.

The facilitator is not passive¶

Observation is active work. The facilitator is building a model of each learner’s understanding, tracking where the gaps are, noticing patterns across the team, and adjusting the environment based on what they observe. This is where the connection to SEM is direct: the facilitator is continuously running a model-check, asking whether the exercises are producing the understanding they were designed to produce or whether they need to change.

The facilitator also manages the conditions for safety. For self-directed learning and genuine exploration to happen, it needs to be genuinely safe to fail, to go down a wrong path, to express uncertainty, and to ask a question that reveals a gap. If the learning environment has an evaluative quality, where the learner feels that their standing depends on appearing competent, they will perform competence rather than build it. The facilitator is responsible for the culture in the room, and that culture is set by how they respond when things do not go as expected.

When to intervene¶

Intervene when someone is blocked in a way that is not productive: stuck on a prerequisite that is not the point of the exercise, operating on a misunderstanding that will produce increasingly wrong results, or visibly at a point where they need a nudge rather than more time.

Intervene when the whole group is missing something significant: a technique they have not encountered, a frame that would make the current problem tractable, a connection to something they have seen before that they have not made.

Intervene when the environment itself is producing the blockage: the lab is not behaving as intended, the documentation is unclear, the exercise design has a flaw. Adjust the environment and continue.

Do not intervene to provide the answer, to demonstrate your own knowledge, or to ensure that the exercise proceeds in the expected way. These are instruction moves, not facilitation moves, and they convert a self-directed learning experience into a guided demonstration.

The facilitator’s own development¶

Facilitation in this sense is a skill that develops through practice and reflection. Most people who are good at security are not automatically good at this kind of facilitation, because the skills are different and the instincts point in opposite directions. The expert’s instinct is to share what they know. The facilitator’s instinct needs to be to create conditions where the learner can discover it.

This is worth naming directly rather than assuming it will happen by default.