Lesson 1: Zero Trust — “Never trust, always verify.”

Lesson 2: Social Engineering — “Attacks that trick people, not computers.”

Lesson 3: Human Risk Scoring — Understanding how risky behaviors affect security

Lesson 4: Phishing & Business Email Compromise (BEC) — “Email attacks that pretend to be trustworthy.”

Lesson 5: PCI DSS v4.0 — Protecting payment card information

Lesson 6: NIST Cybersecurity Framework (CSF) — A roadmap for managing cyber risk

Lesson 7: COBIT — Aligning security practices with business goals

Lesson 8: Awareness Culture Building — Creating a security-first mindset

Lesson 9: Behavioral Metrics — Measuring what people actually do

How to Identify Phishing Emails – Tips & Tricks

PHISHING — Scenario 1: “Payroll Update Request” (Credential Harvesting)

PHISHING — Scenario 2: “Invoice from a Vendor You Don’t Know” (Attachment Malware)

PHISHING — Scenario 3: “CEO Asking for Gift Cards” (BEC Social Engineering)

PHISHING — Scenario 4: Payroll Suspension Notice (Credential Harvesting)

PHISHING — Scenario 5: Fake Microsoft 365 Security Alert (Account Takeover Attempt)

PHISHING — Scenario 6: Spoofed CEO “Quick Approval Needed” Email (BEC Impersonation)

PHISHING — Scenario 7: File-Sharing Notification (Drive/Dropbox) Asking for Login

PHISHING — Scenario 8: Shipping Notification from “FedEx/UPS” with Tracking Link

PHISHING — Scenario 9: “Your Password Expires Today” (IT Impersonation)

PHISHING — Scenario 10: HR Survey Request (Sensitive Data Harvest)

PHISHING — Scenario 11: Fake “Security Awareness Test” Email (Training Spoof)

PHISHING — Scenario 12: “Shared Augmented-Reality Workspace Invite” (Cutting-Edge Collaboration Tool Phish)

How to identify Vishing Calls – Tips & Tricks

VISHING — Scenario 1: “IT Support Asking for MFA Code”

VISHING — Scenario 2: “Fake Bank Security Call”

VISHING — Scenario 3: “CEO Calling From a Personal Phone” Executive Impersonation

VISHING — Scenario 4: “Utility Shutoff Scam” Operational Disruption Threat

VISHING — Scenario 5: “External Auditor Verification” Data Exfiltration Attempt

VISHING — Scenario 6: “Package Delivery Verification Call” Multi-Stage Identity Attack

VISHING — Scenario 7: “IT Asset Recovery Call” Equipment & Identity Fraud

VISHING — Scenario 8: “Health Benefits Update Finalization Call” HR Impersonation for PII Theft

INSIDER-THREAT — Scenario 1: “Employee Downloading Files Before Leaving Job”

INSIDER-THREAT — Scenario 2: “Privileged Administrator Accessing HR Files Without a Ticket”

INSIDER-THREAT — Scenario 3: “Employee Sharing Internal Documents with Personal Email”

INSIDER-THREAT — Scenario 4: “Contractor Accessing Systems After Their Engagement Ends”

INSIDER-THREAT — Scenario 5: “Employee Bypassing Security Controls Using Shadow IT”

INSIDER-THREAT — Scenario 6: “Insider Manipulating Logs to Hide Unauthorized Activity”

INSIDER-THREAT — Scenario 7: “Employee Printing Confidential Reports and Leaving Them Unattended”

INSIDER-THREAT — Scenario 8: “Employee Falling for Spear-Phishing and Entering Credentials”

How to Identify Text Message Phishing (Smishing) – Tips & Tricks

SMISHING — Scenario 1: “Bank Fraud Alert – Confirm or Your Account Will Be Frozen”

SMISHING — Scenario 2: “Your Friend Sent You Photos – Click to View”

SMISHING — Scenario 3: “Workplace Survey – Mandatory for All Staff”

SMISHING — Scenario 4: “Your Organization Requires Security Verification – Log In Here”

SMISHING — Scenario 5: “Your Tax Refund Is Available – Click to Claim”

SMISHING — Scenario 6: “Your Apple/Google ID Will Be Locked – Verify Now”

SMISHING — Scenario 7: “Package Delivery Attempt Failed – Pay $1.99 to Reschedule”

SMISHING — Scenario 8: “You Have Received $5,000 — Log in to Claim Deposit”

GOVERNANCE / RISK — Scenario 1: “Incorrectly Stored Credit Card Data” (Compliance Failure)

GOVERNANCE / RISK — Scenario 2: “Unapproved Vendor Handling Sensitive Data”

GOVERNANCE / RISK — Scenario 3: “Project Launch Without a Risk Assessment”

GOVERNANCE / RISK — Scenario 4: “Weak Access Controls for High-Privilege Accounts”

GOVERNANCE / RISK — Scenario 5: “No Monitoring or Metrics for Security Awareness Program”

GOVERNANCE / RISK — Scenario 6: “Failure to Document an Incident Response Process”

Be The Firewall — Spotting Threats in Seconds

VISHING — Assessment 1 “Boss” on WhatsApp

VISHING — Assessment 2 “IT Support” Urgent Call

VISHING — Assessment 3 ACME “$399 Refund” Scam

PHISHING — Assessment 1 “ACTION REQUIRED: Account Verification Failure”

PHISHING — Assessment 2 “IMPORTANT: Updated Work-from-Home Policy”

SMISHING — Assessment 1 “YourBank Alert”

SMISHING — Assessment 2 “$5,000 Customer Appreciation Reward”

INSIDER-THREAT — Assessment 1 “Disgruntled Employee”

INSIDER-THREAT — Assessment 2 “Data Misuse”

ZERO-TRUST in Action — Analyzing Access Decisions Through Real-World Scenario

PCI DSS v4.x — Understanding Through Human Behavior, Technical Controls, and Business Impact

NIST + PCI + COBIT — Governance Risk Case Study

Be the Firewall — Advanced IT Security Awareness Scenarios

IT Security Awareness Foundational to Intermediate Scenario Timed Quiz — Set 1

IT Security Awareness Foundational to Intermediate Scenario Timed Quiz — Set 2

IT Security Awareness Advanced & High-Risk Scenario Timed Quiz — Set 1

IT Security Awareness Advanced & High-Risk Scenario Timed Quiz — Set 2