🎓Awareness training

Your users. First line. Not weakness.

Cybersecurity awareness program: simulated phishing campaigns, e-learning modules, in-person training for devs and non-tech. Measurable, progressive, no blame.

  • Simulated phishing · KnowBe4, Gophish
  • Multilingual e-learning · 20 modules
  • Secure dev · OWASP Top 10
  • Onsite & in-person · custom

The context

82% of breaches involve humans. They aren't the problem — training is.

In 2026, Verizon DBIR reports 82% of breaches involve a human factor: phishing, social engineering, compromised credentials, or configuration error. Yet many companies treat security as a purely technical problem. Firewalls, MFA, antivirus. Without training the people who use them.

The problem: traditionally taught security is boring, paternalistic, and ineffective. 45-minute annual video watched at fast-forward, quiz failed for fun, return to routine 24h later. The phishing click rate never drops below 15% with these approaches — when it should be < 3%.

Our approach: a continuous and measurable program. Monthly simulated phishing campaigns with realistic and evolving scenarios. Short e-learning modules (3-5 min), gamified, targeted by profile (dev, marketing, HR, executives). In-person training for critical topics (secure dev, incident management). No blame: people who click receive a constructive debrief, not blame. Measured result: click rate divided by 5 in 6 months.

82%

Breaches involving humans

Verizon DBIR 2025 — phishing, social engineering, credentials

Phishing click reduction

Click rate divided by 5 after 6 months of active program

3-5 min

E-learning module

Short format adapted to schedules, gamified

0

Blame

Constructive approach — debrief, not blame, for phishing clicks

What we offer

Six awareness modules.

From simulated phishing for the masses to secure dev training for techs, we cover all profiles.

Phishing

Simulated phishing

Monthly targeted campaigns.

Simulated phishing emails sent monthly with evolving scenarios (urgent invoice, fake Microsoft 365, compromised Dropbox link, executive deepfake). Click rate measurement, risk profile identification. Constructive debrief for those who click.

E-learning

Modular e-learning

20 short gamified modules.

Library of e-learning modules 3-5 min each: phishing, passwords, MFA, mobile security, social engineering, GDPR, remote work, physical security. SSO access, progress tracking, individual certificates.

Dev

OWASP secure dev

For developers.

OWASP Top 10 training with concrete examples in the team's language. SQL/NoSQL injection, XSS, CSRF, deserialization, IDOR, SSRF. Practical workshop with CTF exercises. Awareness of vulnerable dependencies (CVE).

Social

Social engineering & vishing

Beyond email phishing.

Awareness of phone attacks (vishing), SMS (smishing), chat (Slack/Teams), even in person (tailgating). Recent concrete cases. Simulation workshop with played scenarios. Manager and IT training.

Exec

Executive security

Privileged attack targets.

Executive-dedicated program: whaling, CEO fraud, voice/video deepfakes, risky travel. Individual or small group format. Confidential. Focus on risks specific to executive role.

GDPR

GDPR & data handling

For non-technical staff handling PII.

GDPR training for HR, sales, support, marketing: what's allowed with data, how to respond to a user request, how to handle a prospecting email. Practical cases, not theory.

Our approach

Four steps, from baseline to culture.

We start by measuring current level, deploy progressively, measure progress continuously.

01

Baseline & mapping (1 wk)

First simulated phishing campaign without preparation to measure current click rate. Population mapping (devs, marketing, HR, executives). Priority topic identification based on industry and business risks.

Baseline report + segmentation by profile + roadmap

02

Training deployment (2-4 wks)

E-learning platform setup (KnowBe4, SoSafe, Hoxhunt, or custom solution). Module upload. Profile-based learning path creation. Internal communication to announce the program. HR and IT team onboarding.

Deployed platform + profile paths + communication

03

Campaigns & active training (ongoing)

Monthly simulated phishing campaigns with evolving scenarios. In-person training for critical topics (secure dev, executives). Monthly e-learning module push. Personalised debriefs for risk profiles.

Monthly campaigns + training + HR reporting

04

Measure & adjust (quarterly)

Quarterly review: metrics analysis (phishing clicks, e-learning completion, quiz scores), identification of progressing and stagnating profiles, scenario and training adjustments. Executive committee reporting.

Quarterly report + adjustments + roadmap

Platforms & tools

The tools we actually use.

Combination of premium platforms and open-source tools based on budget.

Premium Awareness platforms

KnowBe4 · SoSafe · Hoxhunt · Proofpoint · Cofense

KnowBe4 US leader (huge content catalogue). SoSafe European GDPR-friendly. Hoxhunt very effective engagement-wise. Proofpoint for already-equipped enterprises.

Open-source simulated phishing

Gophish · King Phisher · SET · Phishery

Gophish mature open-source standard. King Phisher more complete. SET (Social Engineering Toolkit) for advanced scenarios. Phishery for HTTP basic auth attacks.

E-learning content

Articulate Rise · Genially · Powtoon · Loom

Articulate Rise for serious professional modules. Genially for interactive and gamified side. Powtoon for short videos. Loom for quick personal videos.

Secure dev training

Secure Code Warrior · HackEDU · TryHackMe · OWASP Top 10

Secure Code Warrior very effective for devs (internal CTF). HackEDU for guided paths. TryHackMe for offensive practice. OWASP free for reference content.

Quiz & gamification

Quizizz · Kahoot · Mentimeter · Typeform

Kahoot for group sessions (game effect). Quizizz for self-assessment. Mentimeter for interactive questions in training. Typeform for final assessments.

Measure & reporting

Custom dashboards · Looker · Notion · Tableau

Centralised security metrics dashboards (phishing clicks, completion, scores). Looker for serious BI. Notion for simple executive presentations. Tableau if already in place.

Measurable guarantees

Four contractual commitments.

Phishing click decrease

Click rate divided by 5 over 6 months of active program. If not reached, we extend without billing.

100%

Accessible modules

All e-learning modules available in each collaborator's language. FR/EN mandatory.

0

Blame

Constructive approach. Phishing clicks lead to pedagogical debrief, not HR blame.

< 5 min

Single module

Short format adapted to busy schedules. No unbearable 45-min video.

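Pricing

Every project is unique. So is every quote.

Instead of abstract packages, we account for scope, complexity, deadlines, and constraints to fit your situation. Describe what you want to do in 3 sentences, and we will reply with a firm quote within 48 business hours.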