Role-specific training

Generic security training doesn’t work because different roles face different risks and work in different ways. Adapt content to the actual threats people encounter in their jobs.

Executives and leadership

Unique risks: Targeted spearphishing, business email compromise, public visibility, travel, high-value access, board materials

Training focus:

  • Whaling attacks (CEO fraud)

  • Travel security

  • Public information exposure

  • Delegate verification procedures

  • Board material handling

Format: Executive briefings (30 min), one-on-one coaching, secure travel kits

Developers and engineers

Unique risks: Code security, dependency management, credentials in code, API security, insider threats

Training focus:

  • Secure coding practices

  • Secret management

  • Supply chain security

  • Code review for security

  • Incident response for security bugs

Format: Lunch-and-learns, code review exercises, CTF competitions, integration with DevSecOps

Finance and accounting

Unique risks: Business email compromise, invoice fraud, wire transfer fraud, tax scams, payroll targeting

Training focus:

  • Payment verification procedures

  • Invoice scrutiny

  • Wire transfer confirmations

  • Authority verification

  • Social engineering targeting finance

Format: Roleplay of common frauds, verification procedure practice, incident case studies

Human resources

Unique risks: Resume malware, candidate data theft, employee impersonation, benefits scams

Training focus:

  • Resume screening

  • Candidate verification

  • PII protection

  • Employment verification fraud

  • Benefits enrollment scams

Format: Examples of malicious resumes, data handling workshops, verification procedure practice

Customer support

Unique risks: Social engineering for customer data, account takeover attempts, support tool access abuse

Training focus:

  • Caller verification

  • Data disclosure policies

  • Account recovery security

  • Recognising social engineering

  • Escalation procedures

Format: Call scenarios, verification practice, incident response drills

Marketing and communications

Unique risks: Brand impersonation, social media compromises, campaign hijacking, public-facing systems

Training focus:

  • Social media security

  • Domain and brand protection

  • Public communications verification

  • Crisis communications

  • Third-party risks (agencies, vendors)

Format: Social media hijack scenarios, brand impersonation examples, verification procedures