What Is A Good Security Awareness Training Solution For a Small Company

egrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 500
The new startup I work for has fewer than 100 employees, guys. We've been hunting for a convenient security awareness training solution. Can you all recommend one that is easy and affordable?

Again, it's a company with fewer than 100 employees. Thanks in advance for the participation, comments, and tips, guys.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • SteveLavoie Member Posts: 1,064
    edited April 2020
    I am working with a small partner in Quebec, Canada; their training is web-based and available in French and English (among other languages). Price is affordable: https://www.kereon.com/security-awareness-program/?lang=en

    Their training solution is well liked among my customers (most are under 100 employees).

  • Neil86 Member Posts: 180
    edited April 2020
    I'm not very experienced in this, but at my previous employer we used KnowBe4. We received good feedback from staff that they enjoyed the training videos and the phishing campaigns we implemented. It was my first experience playing a role in security awareness training and I enjoyed it a lot. I found it very easy to use too. Can't comment on affordability, though. I do remember we were able to offer English and Spanish versions.

    https://www.knowbe4.com/
  • stryder144 Senior Member Posts: 1,684
    The startup I was working for, at less than 50 employees, was looking for training like this.  We found KnowBe4 to be the most affordable along with having an extensive catalog.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

  • UnixGuy Are we having fun yet? Mod Posts: 4,426
    I used Wombat Security in the past... good enough, gets the job done.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE


  • egrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 500
    Oh, wow. These are all good suggestions. I consider my search done.  Thanks a mil guys.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,671
    Just make sure the written security policies of your business are in alignment with the information presented in whatever training material you provide to your employees.
  • stryder144 Senior Member Posts: 1,684
    JDMurray said:
    Just make sure the written security policies of your business are in alignment with the information presented in whatever training material you provide to your employees.

    That is a great point, one I failed to consider when recommending KnowBe4.  Nothing worse than either the training not aligning or there being some unenforceable provision in the security policy.
  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518
    What are you looking for when it comes to security awareness training? Tracking completion or some other form of assessment? Polished video content? If you're tracking completion, what is the driver? Regulation, policies? If someone refuses to take it, do they get fired or any punishment at all?

    I mean, with 100 persons, you could require they attend a 30-60-minute training talk that you lead. Track attendance in Excel. Done. This keeps things entirely tailored to your needs, policies, and requirements. You could even publish your own PPT/PDF, and there are sites that let you do testing, much like ad hoc surveys with SurveyMonkey. (I wish I could remember what I've used in the past, but alas...)


    I guess my point is, don't make this too crazy and don't spend money if you don't need to. A startup with 100 emps...I'd love to spend that money somewhere else.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • Infosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WI Admin Posts: 527
    Hey there, @egrizzly! If you're still looking for an awareness solution, I'd encourage you to also check out Infosec IQ! We have a huge library of content, both on the awareness education side and the phishing simulation side. We actually just released a new campaign kit the other day in our Resource Center, which we're really proud of - you should check it out! And feel free to reach out if you have any questions!
    Community Manager at Infosec!