It can be tempting to start deploying security awareness training as soon as the resources are available. But you only get one chance, and it makes sense to plan it out.

Phase 1 – Assess where you’re at, including exec inputs

Phase 2 – Plan the content roll-out for both risk and compliance

Phase 3 – Engage business unit management to plan their roll-outs

Phase 4 – Create messaging to set expectations

Phase 5 – Begin roll-out of course content and assessments

Then do periodic assessments of knowledge and how the process is working, so you can make adjustments.

It’s tempting to “just start doing something”, and there are some things you can do. But if you get too far down the road without planning, it will be hard to make time for planning later, and hard to make significant adjustments without it looking like an ad-hoc program.

Security awareness paradox


It’s been a “super-fantastic” experience to see people learning and talking about security threats.


That won’t build credibility with executives.


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.