Security Training
The problem with most security training
Annual tick-box compliance training rarely changes behaviour. Staff click the same phishing links the following year. Click rates drop after a simulation, then recover within six months. The content doesn't connect to what people actually do in their jobs.
We build programmes around your organisation's actual threat profile and the specific behaviours that create risk in your environment. That's different from licensing a generic e-learning platform and calling it done.
Phishing simulations
We design and run phishing simulations that reflect real attack patterns — current pretexts, credential harvesting pages that match your actual SaaS tools, multi-step campaigns. We don't just measure click rates. We track what staff do after clicking, and whether awareness-based interventions change that.
- Campaign design using current threat intelligence
- Pretexts relevant to your sector and tools
- Post-click behaviour tracking and analysis
- Immediate educational feedback to staff who clicked
- Comparative reporting across departments and roles
Incident response tabletops
A tabletop exercise walks your team through a realistic scenario — ransomware, data breach, supply chain compromise — and tests whether your response procedures actually work under pressure. Most companies discover their incident response plan has never been read by the people who would need to follow it.
- Scenario design based on your sector's real incident history
- Executive and technical track options
- Gap identification in your current IR procedures
- Post-exercise debrief and written recommendations
- Remote or on-site delivery
Technical workshops
For development teams, sysadmins, and IT staff who need more than awareness, we run practical, hands-on sessions on secure coding, OWASP vulnerabilities, Active Directory hardening, or social engineering recognition. Content is adapted to your tech stack and skill level, not taken from a standard catalogue.
- Secure development practices (OWASP Top 10, injection, auth flaws)
- Social engineering and pretexting recognition
- Password management and MFA in practice
- Cloud misconfiguration basics for non-security staff
NIS2 Article 20 compliance
NIS2 Article 20 requires that management bodies receive training on cybersecurity risk management and that organisations make training available to staff. Our programmes are designed with this requirement in mind and include documentation you can use in your compliance reporting.
Scope and limitations
We run training programmes — we don't operate a learning management system on your behalf or provide ongoing e-learning subscriptions. Sessions are delivered live (remote or on-site) and recorded where you have the infrastructure for it. If you need a full LMS deployment, that's a different conversation.