🎓 Awareness training

Your users. First line. Not weakness.

Cybersecurity awareness program: simulated phishing campaigns, e-learning modules, in-person training for devs and non-tech. Measurable, progressive, no blame.

  • Simulated phishing · KnowBe4, Gophish
  • Multilingual e-learning · 20 modules
  • Secure dev · OWASP Top 10
  • Onsite & in-person · custom

The context

82% of breaches involve humans. They aren't the problem — training is.

In 2026, Verizon DBIR reports 82% of breaches involve a human factor: phishing, social engineering, compromised credentials, or configuration error. Yet many companies treat security as a purely technical problem. Firewalls, MFA, antivirus. Without training the people who use them.

The problem: security as traditionally taught is boring, paternalistic, and ineffective. A 45-minute annual video watched at fast-forward, a quiz failed for fun, a return to routine 24h later. The phishing click rate never drops below 15% with these approaches, when it should be < 3%.

Our approach: a continuous and measurable program. Monthly simulated phishing campaigns with realistic and evolving scenarios. Short e-learning modules (3-5 min), gamified, targeted by profile (dev, marketing, HR, executives). In-person training for critical topics (secure dev, incident management). No blame: people who click receive a constructive debrief, not a reprimand. Measured result: click rate divided by 5 in 6 months.

82%

Breaches involving humans

Verizon DBIR 2025 — phishing, social engineering, credentials

Phishing click reduction

Click rate divided by 5 after 6 months of active program

3-5 min

E-learning module

Short format adapted to schedules, gamified

0

Blame

Constructive approach — debrief, not blame, for phishing clicks

What we offer

Six awareness modules.

From simulated phishing for the masses to secure dev training for techs, we cover all profiles.

Phishing

Simulated phishing

Monthly targeted campaigns.

Simulated phishing emails sent monthly with evolving scenarios (urgent invoice, fake Microsoft 365, compromised Dropbox link, executive deepfake). Click rate measurement, risk profile identification. Constructive debrief for those who click.

E-learning

Modular e-learning

20 short gamified modules.

Library of e-learning modules 3-5 min each: phishing, passwords, MFA, mobile security, social engineering, GDPR, remote work, physical security. SSO access, progress tracking, individual certificates.

Dev

OWASP secure dev

For developers.

OWASP Top 10 training with concrete examples in the team's language. SQL/NoSQL injection, XSS, CSRF, deserialization, IDOR, SSRF. Practical workshop with CTF exercises. Awareness of vulnerable dependencies (CVE).

Social

Social engineering & vishing

Beyond email phishing.

Awareness of phone attacks (vishing), SMS (smishing), chat (Slack/Teams), even in person (tailgating). Recent concrete cases. Simulation workshop with played scenarios. Manager and IT training.

Exec

Executive security

Privileged attack targets.

Executive-dedicated program: whaling, CEO fraud, voice/video deepfakes, risky travel. Individual or small group format. Confidential. Focus on risks specific to executive role.

GDPR

GDPR & data handling

For non-technical staff handling PII.

GDPR training for HR, sales, support, marketing: what's allowed with data, how to respond to a user request, how to handle a prospecting email. Practical cases, not theory.

Our approach

Four steps, from baseline to culture.

We start by measuring the current level, deploy progressively, and measure progress continuously.

01

Baseline & mapping (1 wk)

First simulated phishing campaign without preparation to measure current click rate. Population mapping (devs, marketing, HR, executives). Priority topic identification based on industry and business risks.

Baseline report + segmentation by profile + roadmap

02

Training deployment (2-4 wks)

E-learning platform setup (KnowBe4, SoSafe, Hoxhunt, or custom solution). Module upload. Profile-based learning path creation. Internal communication to announce the program. HR and IT team onboarding.

Deployed platform + profile paths + communication

03

Campaigns & active training (ongoing)

Monthly simulated phishing campaigns with evolving scenarios. In-person training for critical topics (secure dev, executives). Monthly e-learning module push. Personalised debriefs for risk profiles.

Monthly campaigns + training + HR reporting

04

Measure & adjust (quarterly)

Quarterly review: metrics analysis (phishing clicks, e-learning completion, quiz scores), identification of progressing and stagnating profiles, scenario and training adjustments. Executive committee reporting.

Quarterly report + adjustments + roadmap

Platforms & tools

The tools we actually use.

Combination of premium platforms and open-source tools based on budget.

Premium Awareness platforms

KnowBe4 · SoSafe · Hoxhunt · Proofpoint · Cofense

KnowBe4 US leader (huge content catalogue). SoSafe European GDPR-friendly. Hoxhunt very effective engagement-wise. Proofpoint for already-equipped enterprises.

Open-source simulated phishing

Gophish · King Phisher · SET · Phishery

Gophish mature open-source standard. King Phisher more complete. SET (Social Engineering Toolkit) for advanced scenarios. Phishery for HTTP basic auth attacks.

E-learning content

Articulate Rise · Genially · Powtoon · Loom

Articulate Rise for serious professional modules. Genially for interactive and gamified side. Powtoon for short videos. Loom for quick personal videos.

Secure dev training

Secure Code Warrior · HackEDU · TryHackMe · OWASP Top 10

Secure Code Warrior very effective for devs (internal CTF). HackEDU for guided paths. TryHackMe for offensive practice. OWASP free for reference content.

Quiz & gamification

Quizizz · Kahoot · Mentimeter · Typeform

Kahoot for group sessions (game effect). Quizizz for self-assessment. Mentimeter for interactive questions in training. Typeform for final assessments.

Measure & reporting

Custom dashboards · Looker · Notion · Tableau

Centralised security metrics dashboards (phishing clicks, completion, scores). Looker for serious BI. Notion for simple executive presentations. Tableau if already in place.

Measurable guarantees

Four contractual commitments.

Phishing click decrease

Click rate divided by 5 over 6 months of active program. If not reached, we extend without billing.

100%

Accessible modules

All e-learning modules available in each collaborator's language. FR/EN mandatory.

0

Blame

Constructive approach. Phishing clicks lead to pedagogical debrief, not HR blame.

< 5 min

Single module

Short format adapted to busy schedules. No unbearable 45-min video.

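Pricing

Every project is unique. So is every quote.

We don't offer abstract packages; we tailor the quote to your situation: scope, complexity, deadlines, constraints. Tell us in 3 sentences what you want to do, and we'll reply with a formal quote within 48 working hours.

Reply within 48 working hours · Request a quote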