Awareness programs

People-centric security

We make not just an awareness program. We train practical security skills. Instill a security culture and foster secure thinking and behavior. We periodically measure our performance with social engineering penetration tests.

Features of our work in the field of ensuring security awareness and user behaviour management:

High-quality teaching
Trainers with experience in teaching IT and corporate security since 2000.
Captivating materials
We actively use multimedia and interactive tools, develop fascinating educational films, animations, etc.
Reduced maintenance effort
Automated management of notifications about the started event, as well as reminders and escalations, relieves you of the chore of getting people to learn.
Effective feedback and KPIs
Testing the effectiveness of the program using socio-technical penetration tests.

Awareness methods and components:

  1. Warning about security rules during interviews before hiring.
  2. Signing commitments (security policy, code of ethics, non-disclosure agreement, personal data, copyright, etc.).
  3. Security responsibilities in job descriptions and security briefings by line managers when introducing a new employee.
  4. Face-to-face and online training, as well as probation testing. Successful testing is a condition for passing the probationary period.
  5. Regular testing of personnel (every 1, 2 or 3 years).
  6. Training and workshops for selected user groups (managers, accountants, software developers, marketing and sales, PR, etc.).
  7. Training and workshops on selected relevant topics for anyone interested (PCI DSS, blockchain, secure software development, SDLC, penetration testing, Risk Management, BCM, Operations Security, Incident Management, etc.).
  8. Automatic tracking system for training and testing, with reminders, escalations, and calculation of statistics for departments.
  9. Information security blog.
  10. Sending by e-mail: follow-ups on incidents in the company and in the world, warnings about major vulnerabilities, security rules, disciplinary measures, etc.
  11. Groups in messengers. Duplicate mailing lists and small notifications.
  12. Handouts (booklets, brochures, etc.).
  13. Posters on walls, doors, dining rooms, toilets, etc.
  14. Electronic posters (banners) on corporate intranet websites. Replacement of website ads with the posters, using the anti-banner filter on the corporate proxy server.
  15. Security research community. Limited group discussing security issues online and offline.
  16. Training of project team members about the customers’ security specifics.
  17. Training for customers, suppliers, and partners.
  18. Polls. Receiving and analyzing user feedback.
  19. Games, contests, competitions.
  20. Taking into account the comments of the Incident Response Committee during regular performance appraisals and estimations of career growth.
  21. Proactive Security Awareness. Friendly, corporate-style warning tips that are generated in real-time before the users try to take a potentially dangerous action (opening a website, attachments, etc.).

Check out our additional services and business cases. Send the form below to request the awareness program. Get a free consultation.

Business cases of projects we completed

Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases