Core concepts

Training Overview

Our training approach

We employ a comprehensive quarterly training approach to cover the vast majority of security awareness needs. This strategy ensures that all employees receive regular, up-to-date training throughout the year. Our content is reviewed and updated annually to reflect the latest security trends and best practices.

We augment the core courses with specialized courses based on industry and regulatory requirements. These courses include:

  • GDPR
  • HIPAA
  • PCI DSS

Core training courses

Our core training curriculum is built upon the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). This ensures that our training aligns with industry-standard best practices and covers all critical areas of cybersecurity. The content covered in our core courses includes:

  1. Phishing and Safe Email Use
  2. Insider Threats
  3. Personally Identifiable Information Safety
  4. Password Safety
  5. Malware and Ransomware
  6. Social Engineering
  7. Sensitive Data Risks
  8. Physical Data Security

Specialized Courses

We offer role-specific courses for in-depth training on topics relevant to particular job functions or high-risk areas.

For a full list of available courses, see our course catalog.

Schedule

Training is typically distributed as one course per quarter. View specific schedules in the dashboard and training reports.

Reminders

Automated reminders are sent on the first and third Tuesday of each month to users with incomplete training. These reminder emails can be customized to match your organization's communication style.

Certificate of completion

Users can receive a certificate of completion when they successfully complete a course. The certificate is sent to their inbox and can be printed.

Usage Note

All training courses, schedules, and certificates of completion are conveniently available on the Learning Page. Visit the page to explore and manage your training journey with ease.

Admin controls

Curriculum management

The curriculum management feature provides administrators with powerful tools to customize training programs at multiple levels. This allows you to tailor security awareness training to meet specific organizational, departmental, or individual needs.

To access curriculum management:

  1. Select a client from the dropdown
  2. Click on Training from the client menu bar
  3. Select the Curriculum tab

The Curriculum page displays the default company curriculum and provides access to all curriculum management features:

Client-level curriculum changes

Administrators can change the entire curriculum for a client organization. This is useful when:

  • A client has specific industry requirements (e.g., HIPAA, PCI DSS)
  • You need to implement a custom training schedule
  • Different compliance standards apply to the organization

To change a client's curriculum:

  1. Navigate to Training > Curriculum
  2. Click Edit Default Curriculum
  3. Use the filter options to browse available curriculums by area (Healthcare, Financial, Government, etc.)
  4. Select the desired curriculum from the available options
  5. Set a start date for when the curriculum should take effect
  6. Review the course timeline on the right panel
  7. Click Update Curriculum to apply the changes

The new curriculum will apply to all users in the organization unless they have an individual or group override in place.

User and group curriculum overrides

For more granular control, you can override the client-level curriculum for specific users or groups. This is particularly useful for:

  • Executives or high-risk roles requiring specialized training
  • Departments with unique compliance requirements
  • Users who need accelerated or modified training paths

To set a curriculum override:

  1. Navigate to Training > Curriculum
  2. Click Add Override or select an existing override to modify
  3. Choose the assignment scope (Individual User or Group)
  4. Select the specific user or group from the dropdown
  5. Use the filter options to find the appropriate curriculum
  6. Set a start date for when the override should take effect
  7. Review the course timeline to ensure it meets the user's or group's needs
  8. Click Add Override Curriculum to apply

The override takes precedence over the client-level curriculum for the specified users or groups.

One-off course injection

Administrators can inject individual courses for an entire client, specific groups, or individual users. This feature allows you to:

  • Respond to emerging security threats with timely training
  • Provide remedial training based on phishing simulation results
  • Assign specialized courses without changing the entire curriculum

To inject a one-off course:

  1. Navigate to Training > Schedule
  2. Scroll down to the Standalone Course Assignments section
  3. Click Add Course to create a new standalone assignment
  4. Select the course you want to assign
  5. Choose the assignment scope (Entire Organization, Group, or Individual User)
  6. Set the start date and due date for the course
  7. The course will be added to the existing curriculum without modifying the underlying curriculum structure

Standalone courses appear alongside curriculum courses in users' training schedules and are particularly useful for timely responses to security incidents or targeted training needs.

Curriculum Hierarchy

The curriculum system follows a hierarchy: one-off course injections and user/group overrides take precedence over client-level curriculum settings. This ensures maximum flexibility while maintaining organizational control.

Marking a course complete

Administrators can manually mark a course as complete when a user inadvertently completes training under the wrong account, ensuring their training progress is properly reflected in their intended profile without requiring them to retake the course.

To mark a course complete in the dashboard:

  1. Select a client from the dropdown.
  2. Click on Training from the client menu bar.
  3. On the Training overview page, select Details.
  4. Select the radio button in the upper right hand corner to Set Course Completions.
  1. Scroll to the user in question and click the plus icon to add a course completion.
  2. Set a completion date in the menu

Customizing training invites

The system supports customization of two types of training invites:

  • Course due invites - Sent to users when they have a course due
  • Course overdue invites - Sent to users when they are overdue on a course

The system automatically sends the appropriate invite based on whether the user is overdue on their training.

To customize training invites:

  1. Navigate to Settings > Training Preferences
  2. The Training Preferences option is available at the tenant and partner level.
  3. Click the Edit button to begin customization
  1. Customize the following fields:
    • Subject line - The email subject users will see
    • Message text - The body of the email invitation
    • Sending name - The name that appears as the sender
    • Sending email - The email address messages are sent from

White Label Settings

By default, reminders use your white label settings for the sending name and email. To override these settings, uncheck the "Use white labeling settings from name and email" checkbox.

Using email templates

For the message text, it's recommended to:

  1. Click the Apply Template button
  2. Choose from one of the three available templates
  3. Customize the template content as needed for your organization

This ensures professional formatting while allowing you to tailor the message to your specific needs.

Sending completion certificates to users

Sometimes a user may forget to request a course certificate or cannot locate it in their inbox. Dashboard admins can send course completion certificates to users at any time from the dashboard.

  1. Select a client from the dropdown.
  2. Click on Training from the client menu bar.
  3. On the Training overview page, select Details.
  4. Scroll to the user and course in question, then click the icon to send the certificate to the user.
Previous
User risk credit score
Next
Phishing overview