
Content Catalog 2021

Table Of Contents

TRAINING SERIES NANO-MODULES Cont. (~1min.) ● SIMON SAYS ● Secure Coding - Introduction ● TGIS ● Secure Coding - and ● TrueEye IRL ● Secure Coding - Injection ● BORN SECURE: TRAINING GROUNDS ● Secure Coding - Least Privilege ● The Squad ● Secure Coding - OWASP introduction ● BORN SECURE: WEBB OF LIES ● Secure Coding - Patching (coming soon) ● Secure Coding - Source Code Secrets

TRAINING MODULES ● Secure Coding - Static Analysis ● Secure Coding - Threat Modeling NANO-MODULES (~1min.) ● Whaling ● Secure Coding - Vulnerable ● Policy Dependencies ● Telework/Remote Work Security ● Don't Reuse Passwords MICRO-MODULES (~2-3min.) ● Don't Share Passwords ● ● Physical Security ● Password Managers ● Safety Online ● Phishing ● Travel Secure ● Spear-phishing ● Password Reuse ● Smishing ● ● Work From Home (WFH) ● Mobile Security ● Themed Phishing ● Secure Your Apps ● Internet of Things (IoT) ● Device Security ● Cloud Security Threats ● Internet Of Things ● Vendor Email Compromise (VEC) ● Insider Threat ● Synthetic Identity Theft ● Physical Security ● Suspicious Activity Reporting ● Tailgating/Piggybacking ● Advanced Financial Social ● Data Classification Engineering ● Data Privacy ● Point of Sale (PoS) Security ● PII ● PHI BIG IDEAS (~3-5min.) ● PCI ● Privacy ● HIPAA ● Passwords ● GDPR ● PII ● CCPA ● General Cybersecurity ● PIPEDA ● Phishing ● Vishing ● Data Classification ● Shadow IT ● Privileged Permissions ● MFA ● Vishing

ROLE-BASED TRAINING ● Sales ‘why’ ● HR ● Marketing ‘why’ ● Finance ● HR ‘why’ ● Priv. User ● Finance ‘why’ ● Support ● Exec. Assistant ‘why’ ● General ● Service Desk ‘why’ ● Customer Support ‘why’ SECURITY TRIVIA ● Vendor/Supply Chain ‘why’ ● 101 ● 102


PHISHING SKILLS INTEGRATED PUZZLES ● 101 ● COMPLETE ● 102 ● UNSCRAMBLE ● Mobile ● VISHING

THREAT INSIGHT ● HOTSPOT- HOME ● 101 ● CLASSIFY ● 102 ● FLAGS ● SCAN AM I SECURE ● CAMERA ● 101 ● PHISHING ● 102 ● RAW PHISH ● THE SOCIAL CULTURE ASSESSMENT ● SOCIAL CONNECTION ● PIKTRHUB EXECUTIVE TRAINING ● CRAFT A PHISH V2 ● Why Executives are Targeted ● CORKBOARD ● Phishing Skills- BEC ● EMOJI PASSPHRASE ● Understanding the Black Market ● DATING GAME ● Threat Insight for Executives ● Privacy for Executives ● VISHING V2 ● Travel Secure for Executives ● INCIDENT RESPONSE CYOA ● MALWARE UNSCRAMBLER RETENTION QUIZZES All Major Series

TEAM-BASED TRAINING ● (CYBERESCAPE ONLINE) CRITICAL MASS (GENERAL) ● BORN SECURE (ENTRANCE EXAM - GENERAL) ● BORN SECURE (ENTRANCE EXAM - STORES)

Training Series

Simon Says General Audience | 20:40

DESCRIPTION Join Atlas and MJ as they track the activities of Simon, an accused murderer, and his identical clone counterpart. Become a part of the story as a remote team agent as you solve puzzles, answer security questions and identify security missteps while you locate the bot and determine who the real killer is.

LEARNING OBJECTIVES Password Hygiene, Phishing Awareness, Social Media Privacy, Default Credentials, Secure Data Storage, Physical Security, Safety Online, Device Security

INTEGRATED TRAINING ● Retention Modules per Episode (4) ● Training Modules (4+)

INTEGRATED PUZZLES ● The Social - Use social media for an investigation ● Scan - Determine the default credentials on IoT devices ● Craft a Phish - Determine the best phishing email ● Call to Pass - Use clues from a phone call to determine company credentials

TGIS General End User | 26:31

DESCRIPTION Thank Goodness It's Secure is an episodic sitcom set in a local coffee shop, The Ground Truth, and follows the life of new barista, Allie Button, as she learns to take control of her life. The shop's lovable regulars, businessmen, entrepreneurs, jobseekers, keep her preoccupied with no shortage of trials as they grow together to lead more secure lifestyles.

LEARNING OBJECTIVES Multi-Factor Authentication, Remote Access/Authentication, Mobile Phishing, Incident Reporting, Biometric authentication, Safety Online, Smishing, Healthy Paranoia

INTEGRATED TRAINING ● Retention Modules per Episode (4) ● Training Modules (4+)


True Eye General End User | 18:02

DESCRIPTION True Eye is a Hollywood-style thriller that follows new-hire, Adrian Bridges, through his first day at a global AI-technology firm. Adrian’s policy orientation and security training quickly spin into suspense and intrigue as his personal AI device, Guide, starts asking him to do unethical and even dangerous things with sensitive data. His adventure offers a glimpse into proper operational security, how technology affects people and what we can do about it.

LEARNING OBJECTIVES Password Hygiene, Secure Data Storage, Phishing Awareness, Physical Security, Social Media Privacy, Safety Online, Device Security, Default Credentials

INTEGRATED TRAINING ● Retention Modules per Episode

INTEGRATED PUZZLES ● Hotspot - Identify the security vulnerabilities ● Classify - Determine the security level of assets ● Vishing - Follow a vishing attack scenario ● Unscramble - Create the sentences that describe cybersecurity best practices

Phishing IRL General End User, Phishing Remediation Training | 9:08

DESCRIPTION An engaging, training-driven storyline designed to debunk myths about cyber criminals and better inform end-users about what phishing looks like in real life.

LEARNING OBJECTIVES Origination of Phishing Emails, Cyber Criminal Organizations, Phishing Email Analysis, Effects of Phishing Emails

INTEGRATED TRAINING ● Retention Modules per Episode (4) ● Training Modules (4+)

INTEGRATED PUZZLES ● Craft a Phish - Determine the best phishing email ● Spoil The Vish - Stop the vishing attempts ● Flags - Detect the red flags in phishing emails


Born Secure: Training Grounds General End User | 24:00

DESCRIPTION This training experience follows Jacob Webb, code-named xGhost, who never considered a life as a cyber-operative until he was hand-picked as a candidate for a government-funded cyber training Program. The Program is designed to better defend critical assets and infrastructure by operating in the shadows and infiltrating the cyber underground. As xGhost and the other candidates enter Phase 3 of their training, their anticipation of real-world operations grows. But the veil of secrecy leads xGhost into doing someone else’s bidding.

LEARNING OBJECTIVES Phishing, Password hygiene, physical security, attack mapping, asset protection

INTEGRATED TRAINING Phishing Awareness, Physical Security Vulnerabilities, Attack Mapping, Protecting Assets

INTEGRATED PUZZLES ● Craft a Phish - Experience designing phishing emails ● HotSpot V3 - Identify physical security vulnerabilities ● Corkboard - Understand high level attack strategies

The Squad General End User | 21:00

DESCRIPTION It’s the year 2027, and the Squad is on the verge of launching their biggest project to date: taking 7G to the moon! However, just before their big day, the Squad’s biggest rival, Copy Dat, announces they’re doing the same thing! How is this possible?! Did Orson overshare on social media? Did Caleb get phished!? It’s a race against the clock to reclaim the Squad’s beloved project from being defunded, replace the competitor’s project with a better one and restore glory to its rightful place. Squad up! This one’s going to be fun.

LEARNING OBJECTIVES A comedic, threat-driven storyline designed to immerse viewers in security awareness without it feeling like training. This live-action, 3-part series will drive engagement and comprehension around oversharing, social media and phishing (BEC) better than anything else before it.

INTEGRATED TRAINING ● Oversharing on Social Media ● Privacy settings and cleaning up digital footprint ● Spear-Phishing & Spear-Vishing ● Business Email Compromise (BEC) & Vendor Email Compromise (VEC) ● Incident Response ● Policy & Compliance

Born Secure: Webb of Lies (coming soon)

Training Modules

Nano-modules (all ~1min.)

Whaling End Users | 58 sec. | 3 questions

LEARNING OBJECTIVES ● Who whaling targets ● What whaling looks like ● The difference between whaling and spear-phishing

Policy End Users | 58 sec. | 3 questions

LEARNING OBJECTIVES ● Understand the importance of policies ● Understand how policies protect data ● Understand how policies protect you

Don’t Share Passwords End Users | 57 sec. | 3 questions

LEARNING OBJECTIVES ● Learn how sharing passwords is unsecure ● Learn who you can share passwords with ● Learn how to protect your accounts

Telework/Remote Work Security End Users | 1:14 | 3 questions

LEARNING OBJECTIVES ● Learn the risks of remote work ● Learn how VPNs protect you ● Learn how to safely work remotely

Password Managers End Users | 1:05 | 3 questions

LEARNING OBJECTIVES ● Learn what password managers are ● Understand how password managers work ● Understand how they can protect you

Phishing End Users | 1:14 | 3 questions

LEARNING OBJECTIVES ● Understand the concept of phishing ● Learn the most common type of phishing ● Learn how to identify phishing attacks

Don’t Reuse Passwords End Users | 1:04 | 3 questions

LEARNING OBJECTIVES ● Learn the risk of reusing passwords ● Learn how to avoid reusing passwords ● Learn the use of password managers


Nano-modules (continued)

Spear-Phishing End Users | 1:02 | 3 questions

LEARNING OBJECTIVES ● Understand the concept of spear-phishing ● Learn the difference between spear-phishing and simply phishing ● Learn the tactics behind spear-phishing

Secure Your Apps End Users | 55 sec. | 3 questions

LEARNING OBJECTIVES ● Understand application dangers ● Learn about where to securely download apps ● Learn how criminals use apps against you

Device Security End Users | 1:00 | 3 questions

LEARNING OBJECTIVES ● Understand the physical security threats to our devices ● Learn the importance of securing your devices ● Learn how to properly secure your devices

Smishing End Users | 1:00 | 3 questions

LEARNING OBJECTIVES ● Understand the concept of smishing ● Understand why smishing is a threat ● Learn how to spot smishing attacks

Malware End Users | 58 sec. | 3 questions

LEARNING OBJECTIVES ● Learn the definition of malware ● Understand how to help protect against malware ● Understand the importance of updates

Internet of Things (IoT) End Users | 1:03 | 3 questions

LEARNING OBJECTIVES ● Learn what makes up the IoT ● Learn about the IoT devices default credentials and security threats ● Understand how to better protect your IoT devices

Mobile Security End Users | 1:00 | 3 questions

LEARNING OBJECTIVES ● Understand why your mobile devices need security ● Learn how to secure your mobile devices ● Learn the security settings that help secure your mobile devices

Insider Threat End Users | 1:03 | 3 questions

LEARNING OBJECTIVES ● Understand the dangers of an insider threat ● Learn about the prevalence of insider threats ● Understand how you can also be an accidental insider threat


Nano-modules (continued)

Physical Security End Users | 1:08 | 3 questions

LEARNING OBJECTIVES ● Learn how physical security is intertwined with cyber security ● Understand how to do your part for physical security ● Learn the importance of verifying before you trust

PII (new) End Users | 1:41 | 3 questions

LEARNING OBJECTIVES ● Understand the definition of personally identifiable information (PII) ● Learn how to safely share, collect and protect PII

Tailgating/Piggybacking End Users | 54 sec. | 3 questions

LEARNING OBJECTIVES ● Explore the threat of tailgating ● Learn the motive behind a tailgating attempt ● Learn how to prevent tailgating

PHI (new) End Users | 1:49 | 3 questions

LEARNING OBJECTIVES ● Understand the definition of protected health information (PHI) ● Learn how to safely share, collect and protect PHI ● Reporting breaches in a timely manner

PCI (new) End Users | 1:30 | 3 questions

LEARNING OBJECTIVES ● Understand the definition of payment card industry (PCI) information, terms and regulations ● Learn how to comply with PCI ● Prepare to safely share, collect and protect PCI

Data Classification End Users | 58 sec. | 3 questions

LEARNING OBJECTIVES ● Understand the importance of data classification ● Learn the general types of data ● Learn how you can be more conscious of data classification

Data Privacy (new) End Users | 1:35 | 3 questions

LEARNING OBJECTIVES ● Understand privacy settings and how to set them ● Learn how to identify suspicious apps and agreements before downloading or signing

HIPAA (new) End Users | 1:22 | 3 questions

LEARNING OBJECTIVES ● Understand the definition of the Health Insurance Portability and Accountability Act ● Prepare to safely share, collect and protect PHI


Nano-modules (continued)

GDPR (new) End Users | 1:51 | 3 questions

LEARNING OBJECTIVES ● Understand the meaning and definition of the General Data Protection Regulation (GDPR) ● Learn about ‘cookies’ and web traffic covered by GDPR ● Learn about collecting data, the right to be forgotten and the consequences of non-compliance

Shadow IT (new) End Users | 1:24 | 3 questions

LEARNING OBJECTIVES ● Understand the danger of downloading apps without approval ● Learn how to request downloads through the proper channels to avoid breach and other forms of loss

CCPA (new) End Users | 1:12 | 3 questions

LEARNING OBJECTIVES ● Understand the meaning and definition of the California Consumer Privacy Act (CCPA) ● Learn how to safely share, collect and protect data under CCPA regulation

MFA (new) End Users | 1:15 | 3 questions

LEARNING OBJECTIVES ● Understand the meaning and definition behind multi-factor authentication (MFA) ● Discover types of MFA among the three categories (i.e. something you know, something you are and something you have)

PIPEDA (new) End Users | 1:09 | 3 questions

LEARNING OBJECTIVES ● Understand the meaning and definition of the Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada ● Learn how to safely share, collect and protect data under PIPEDA

Encryption (new) End Users | 1:13 | 3 questions

LEARNING OBJECTIVES ● Understand encryption at a high-level and how it works to hide private information from prying eyes ● Learn about one, well-known algorithm known as the ‘Caesar cipher’

Sales ‘why’ (new) End Users | 1:00 | 3 questions

LEARNING OBJECTIVES ● The ‘why’ security matters for sales personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Vishing (new) End Users | 1:33 | 3 questions

LEARNING OBJECTIVES ● Understand the method and motive behind voice-phishing otherwise known as ‘vishing’ ● Learn that it’s OK to hang up and call back a number that is known and trusted


Nano-modules (continued)

Marketing ‘why’ (new) End Users | 1:00 | 3 questions

LEARNING OBJECTIVES ● The ‘why’ security matters for marketing personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Service Desk ‘why’ (new) End Users | 55 sec. | 3 questions

LEARNING OBJECTIVES ● The ‘why’ security matters for service desk personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

HR ‘why’ (new) End Users | 1:00 | 3 questions

LEARNING OBJECTIVES ● The ‘why’ security matters for HR personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Customer support ‘why’ (new) End Users | 1:00 | 3 questions

LEARNING OBJECTIVES ● The ‘why’ security matters for customer support personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Finance ‘why’ (new) End Users | 1:00 | 3 questions

LEARNING OBJECTIVES ● The ‘why’ security matters for finance personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Vendor/Supply Chain ‘why’ (new) End Users | 1:03 | 3 questions

LEARNING OBJECTIVES ● The ‘why’ security matters for vendor and supply chain personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Exec. Assistant ‘why’ (new) End Users | 1:00 | 3 questions

LEARNING OBJECTIVES ● The ‘why’ security matters for executive assistant (EA) personnel at all levels of the department, designed to make these employees feel ‘seen’ and more likely to engage with awareness material

Secure Coding - Introduction (new) Developers and other Technical Employees | 0:59

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.


Nano-modules (continued)

Secure Coding - Authentication and Authorization (new) Developers and other Technical Employees | 1:34 | 3 questions

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.

Secure Coding - Patching (new) Developers and other Technical Employees | 1:42 | 3 questions

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.

Secure Coding - Source Code (new) Developers and other Technical Employees | 1:41 | 3 questions

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.

Secure Coding - Injection (new) Developers and other Technical Employees | 1:40 | 3 questions

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.

Secure Coding - Static Analysis (new) Developers and other Technical Employees | 1:08 | 3 questions

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.

Secure Coding - Least Privilege (new) Developers and other Technical Employees | 1:16 | 3 questions

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.

Secure Coding - Threat Modeling (new) Developers and other Technical Employees | 1:18 | 3 questions

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.

Secure Coding - OWASP Introduction (new) Developers and other Technical Employees | 1:18 | 3 questions

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.

Secure Coding - Vulnerable Dependencies (new) Developers and other Technical Employees | 1:20 | 3 questions

LEARNING OBJECTIVES ● Technical training, including secure coding training for their development teams.

Micro-modules (Case-in-points) TRAINING STYLE Because people understand in story and metaphors, Case in Point modules use powerful analogies and narrative interview to educate and encourage users to grasp seemingly inaccessible concepts.

Mobile Security General End Users | 1:40 | Retention Module

DESCRIPTION In this module, users will learn about mobile device security, how to discern between legitimate and illegitimate applications and lessons learned from true stories of compromise.

Travel Secure General End Users | 1:42 | Retention Module

DESCRIPTION In this module, users will learn how to secure and stow devices properly while traveling.

Physical Security General End Users | 1:37 | Retention Module

DESCRIPTION In this module, users will learn about best practices for guarding against inside and outside threats to the company and personal property by keeping a clean desk, minimizing tailgating into secure facilities and securely trashing physical material.

Password Reuse General End Users | 1:32 | Retention Module

DESCRIPTION In this module, users will learn about the significant drawbacks of password reuse, the practice of credential stuffing and the necessity to use a password manager.

Ransomware General End Users | 2:25 | Retention Module

DESCRIPTION In this module, users will learn about ransomware, backup plans and how to proactively combat malicious software.

Safety Online General End Users | 1:34 | Retention Module

DESCRIPTION In this module, users will be exposed to basic domain awareness (HTTP/s and top-level domains) as well as tips for using social media securely and risks of the sharing economy.


Micro-modules (Case-in-points)

Work From Home (WFH) General End Users | 2:29 | Retention Module

DESCRIPTION In this module, users will learn how to work securely from home. Play to learn more about VPNs, safety online and remote meetings!

Vendor Email Compromise (VEC) General End Users | Retention Module

DESCRIPTION In this module, users will learn about BEC's cousin, vendor email compromise (VEC), and how to prevent it from impacting their lives, their organizations and the bottom line.

Themed Phishing General End Users | 2:30 | Retention Module

DESCRIPTION In this module, users will learn about themed emails that are designed to convince people to take action. Here's how to spot them!

Synthetic Identity Theft General End Users | 2:37 | Retention Module

DESCRIPTION In this module, users will learn the value of personal data to a cybercriminal and the reality that partial stolen identification can become full compromise.

Internet of Things (IoT) General End Users | 2:39 | Retention Module

DESCRIPTION In this module, users will learn about internet-connected things, their default settings and how to secure them.

Reporting Suspicious Activity General End Users | 2:52 | Retention Module

DESCRIPTION In this module, users will learn the importance of reporting suspicious activity and key indicators on when to do it.

Cloud Security Threats General End Users | 2:36 | Retention Module

DESCRIPTION In this module, users will learn to define 'the cloud,' its vital role in storing and transporting data securely and how to protect it.

Point of Sale (PoS) Security General End Users | 3:56 | Retention Module

DESCRIPTION In this module, users will learn the importance of correctly securing PoS locations and the risk associated with failing to do so.

Advanced Financial Social Engineering General End Users | 3:30 | Retention Module

DESCRIPTION In this module, users will experience how convincing advanced financial social engineering can be and tactics to avoid becoming a victim of it.


Big Ideas TRAINING STYLE An expert-driven conversation, where a single security concept is explained in a progressive manner at three levels of difficulty. It begins with a foundational level to explain a concept accessible to all people. It follows with an intermediate discussion accessible to most people, building upon the foundation laid in the first discussion. It concludes with an advanced discussion between an expert and an active professional to flesh out the concept for more advanced and ambitious learners.

Privacy General End Users | Retention Module Included

LEARNING OBJECTIVES Privacy: In this module, users will learn the benefits and drawbacks of technology, including the reality that it is far too easy to overshare online (e.g. geolocation).

PII General End Users | 3:57 | 10 Retention Module Questions

LEARNING OBJECTIVES In this module, users will learn about personally identifiable information (PII), data protection and why it's important to prevent breach.

Passwords General End Users | 4:03 | 10 Retention Module Questions

LEARNING OBJECTIVES In this module, users will learn about secure password storage, password management across multiple devices and the risks of auto-filling credentials in web browsers.

General Cybersecurity General End Users | 3:46 | 10 Retention Module Questions

LEARNING OBJECTIVES In this module, users will learn about basic cybersecurity practices, common violations in the workplace and how to secure their digital lives.

Phishing General End Users | 3:58 | 10 Retention Module Questions

LEARNING OBJECTIVES In this module, users will learn about phishing, different types of phishing and how to prevent it.


Big Ideas (Continued)

Data Classification General End Users | 3:59 | 10 Retention Module Questions

LEARNING OBJECTIVES In this module, users will learn about basic distinctions between public and private data, nuances in classification and that data is everyone's responsibility.

Privileged Permissions General End Users | 4:04 | 10 Retention Module Questions

LEARNING OBJECTIVES In this module, users will learn about what it means to have privileged access, the difference between 'want to know' and 'need to know' and how privileged users are larger targets for cyber attack.

Vishing General End Users | 3:30 | 10 Retention Module Questions

LEARNING OBJECTIVES In this module, users will learn about voice phishing (vishing), a healthy sense of paranoia for combatting scams and red flags to look out for.


Role-Based Training (Day in the Life)

HR, Finance, Customer Support, Privileged User, General End User | 1:50 | Retention Module Included

TRAINING STYLE An antagonist character highlights how poor security behavior and decisions within an office can open up that organization to an increased risk of a security incident.

LEARNING OBJECTIVES Security trivia designed to help specific roles (see below) understand a typical day-in-the-life in the context of cyber security and risk. Questions measure overall competence and confidence with security lingo related to the given role.

*Each audience type represents its own module

Security Trivia (101, 102)

General End User | LS content catalog contains over 300 questions that can be leveraged in the Security Trivia training module

DESCRIPTION Multiple choice security trivia centering on the fundamentals!


Phishing Skills (101, 102, Mobile)

General End User, Finance, HR, Customer Support, Privileged User | Up to 20 Questions Per Module

DESCRIPTION Audience is shown an email, where the participant can hover over different sections of the email to understand the context of the email in order to determine if the email is a phishing attack or a legitimate email.

LEARNING OBJECTIVES Phishing attack indicators, latest phishing threats

Threat Insight (101, 102)

General End User | Up to 10 Questions Per Module

DESCRIPTION Survey to measure perceived risk perception of cyber threats and perceived susceptibility to phishing scams.

LEARNING OBJECTIVES This module will give the security awareness program owner insight into the actual perception around risk, threats and decisions of their end users, allowing the owner to make more intelligent decisions in maturing their security awareness program


Am I Secure? (101, 102)

General End User | Up to 10 Questions Per Module

DESCRIPTION Survey to measure end user risk at home, work and while traveling.

Culture Assessment

General End User | Up to 10 Questions

DESCRIPTION Survey to measure perceived cultural dynamics (e.g. process-, compliance-, autonomy- or trust-oriented). Loosely maps to security personality profiling.


Executive Training

Why Executives Are Targeted Executives | 2:15 | 6 Questions

DESCRIPTION Security trivia designed to help executives understand their elevated access and influence in safeguarding company resources.

Phishing Skills - BEC Executives | 11 Questions

DESCRIPTION An exercise designed to help executives distinguish between Business Email Compromise (BEC) phishing emails and routine email communications given context clues and the importance of reporting suspicious emails to security/helpdesk.

Am I Secure For Executives Executives | 12 Questions

DESCRIPTION Survey to measure executive risk in office, at home and while traveling.

Understanding the Black Market Executives | 3:11 | 8 Questions

DESCRIPTION Security trivia designed to help executives understand the dangers of the underground (black) marketplace and its role in the business of .

Privacy For Executives Executives | 3:54 | 9 Questions

DESCRIPTION Security trivia designed to help executives understand privacy implications to their personal and professional lives.

Threat Insights For Executives Executives | 10 Questions

DESCRIPTION Survey to measure perceived risk perception of cyber threats and perceived susceptibility of the organization to security breach.

Travel Secure For Executives Executives | 5:32 | 9 Questions

DESCRIPTION Security trivia designed to help executives understand elevated risk while traveling.

Team-based Training (Virtual)

CyberEscape Online: Critical Mass General End Users | 45-60 min.

DESCRIPTION Suspicious behavior at Gizmo Corp. leads one team of remote investigators on a heart-pounding pursuit of a cybercriminal heist which could leak $millions...You are that team!

LEARNING OBJECTIVES ● Combat Phishing, Spear-phishing, Voice Phishing (Vishing) and SMS-Phishing (Smishing) by identifying red flags that social engineers leave behind ● Secure a WFH Workspace (7 Deadly Sins of Work From Home) ● Learn Proper Data Classification ● Change Default Credentials and Protect IoT Devices ● Discover evidence of Insider Threats & Cyber Criminals ● Learn 10 Fundamentals of Security Awareness

INTEGRATED PUZZLES ● Complete ● Flags ● Classify ● Unscramble ● Hotspot ● Callfire ● Vishing ● Feed

Born Secure: Entrance Exam General End Users OR Retail Store Employees | 45-60 min.

DESCRIPTION Jacob Webb has been selected for a top-secret Program that trains new recruits on how to become the world’s best cybersecurity operatives. However, first he must pass a test known by the community as the “Entrance Exam.”

LEARNING OBJECTIVES ● Identifying Suspicious Activity & Physical Security ● Social Engineering & Spear Vishing ● Phishing & Business Email Compromise (BEC) ● Identifying Cyber threats ● Passwords & Passphrases ● Incident Response/Reporting/Escalation ● Attack Mapping & Critical Thinking ● Communication & Ethics

INTEGRATED PUZZLES ● Hotspot ● Vishing ● Craft a Phish ● Dating Game ● Emoji Passphrase ● Re-Order ● Attack Mapping ● Incident Response

Integrated Puzzles (Optional)

Complete (Critical Mass, Custom) General End Users | ~3 min.

DESCRIPTION The idea is for users to find and fill in the redacted information on the arrest warrant to link a cyber criminal with their crimes.

LEARNING OBJECTIVES By linking an insider threat to their crimes the user will see that insider threats can appear just like you and me! You never know what a person's intentions might be with the company access.

Vishing (Critical Mass, Custom) General End Users | ~3 min.

DESCRIPTION The idea is for a user to be faced with a choice (choose your own adventure) on how to respond to a simulated, suspicious phone call. Their responses will lead him or her down a decision path resulting in either a pass (successfully deny the attack) or fail (unsuccessfully deny the attack).

LEARNING OBJECTIVES By selecting the answer most compelling, the user will simulate their responses to voice phishing (vishing) attacks in real life.

Unscramble (Critical Mass, Custom) General End Users | ~3 min.

DESCRIPTION The idea is for users to be presented with a scrambled word puzzle challenge that must be unscrambled to reveal a hidden cybersecurity message.

LEARNING OBJECTIVES Each cybersecurity message is tailor-made to address specific violations the users experience in real life, as well as progress them through the gameplay.

Hotspot (Critical Mass, Entrance Exam - General/Store, Training Grounds) General End Users | ~3 min.

DESCRIPTION The idea is to search and secure a physical environment by clicking on a violation to fix it within the allotted time.

LEARNING OBJECTIVES By identifying security violations in a virtual setting, users will learn to recognize similar violations in real life. They will learn to avoid the ‘7 deadly sins of security awareness’: misinterpreting email legitimacy, reacting impulsively to scams, over-trusting security controls, oversharing on social media, mishandling devices, neglecting suspicious activity and surrendering to security fatigue.

Classify (Critical Mass)
General End Users | ~2 min.

DESCRIPTION The idea is to properly handle a range of different data and material while categorizing it appropriately. The user will either need to swipe left or swipe right to classify the information into buckets, “public” or “private.”

LEARNING OBJECTIVES By categorizing the information (and learning from any miscategorizations), users will intuitively learn the differences between “internal only,” “confidential,” “private,” “public.”

Scan (Simon Says)
General End Users | ~2 min.

DESCRIPTION The idea is to use a network device scan to determine which devices are using default credentials. The devices using default credentials are perfect for cyber criminals to take over!

LEARNING OBJECTIVES Understand the risk of failing to change the default credentials on IoT devices and how vulnerable it leaves you.

Flags (Critical Mass)
General End Users | ~3 min.

DESCRIPTION The idea is to examine emails and determine if they are real or phishing by clicking on the areas that the user thinks are suspicious.

LEARNING OBJECTIVES Learn to recognize phishing identifiers within emails such as: urgency, malicious links, malicious attachments, and spoofing.

Camera (Physical Escape Room)
General End Users | ~2 min.

DESCRIPTION The idea is to determine the default credentials to access a network control webpage and learn what information is considered Personally Identifiable Information (PII).

LEARNING OBJECTIVES Understand the risk of not changing default credentials, and better understand what information is considered PII.

Phishing (Physical Escape Room)
General End Users | ~3 min.

DESCRIPTION The idea is for the user to be presented with two emails and decide which one they think is the more believable phishing email.

LEARNING OBJECTIVES In the process, you will intuitively learn how an attacker exploits your trust so you can develop a sharper sense of defending against them.

The Social (Simon Says)
General End Users | ~3 min.

DESCRIPTION The idea is for users to find the location of the target by searching for his location data posted publicly on social media.

LEARNING OBJECTIVES In addition to learning the mechanisms through which social media tracks people, users will also intuitively learn that their privacy is at risk and that steps to reclaim that privacy include removing location data from sensitive posts online.

Raw Phish (Physical Escape Room)
General End Users | ~2 min.

DESCRIPTION The idea is to select which email log is most likely to be malicious by examining the original message logs.

LEARNING OBJECTIVES In this process, you will intuitively learn how a security operations team uses the headers in a suspicious email to investigate whether or not the email in question is phishing or spam.

Social Connection (Physical Escape Room)
General End Users | ~2 min.

DESCRIPTION The idea is for users to sabotage a person’s social networking account that has been used to spam other accounts on the same networking platform. The goal is to go to a site, use the saved credentials that have been “saved” by the browser, and delete all connections. The number of connections deleted will be used as a passcode for a larger puzzle.

LEARNING OBJECTIVES Users will learn that cybercriminals commonly create artificial social media profiles and “friend request” targets to gather more information during their reconnaissance phase. By denying such requests, users will protect sensitive personal and corporate information from unnecessary exposure (e.g. database languages, emails, etc.).

Piktrhub (Physical Escape Room)
General End Users | ~2 min.

DESCRIPTION The idea is for players to navigate to a website that requires them to agree to the terms and conditions displayed. Players are given feedback based on if they scroll through the terms and conditions prior to accepting them.

LEARNING OBJECTIVES Users will be reminded of the many accounts they have set up online and the common practice of skipping through the fine print of an end-user license agreement (EULA). By skipping through the fine print, the users will learn that they are ignoring infringements of their privacy.

Craft a Phish V2 (Entrance Exam - General, Born Secure - Store, Training Grounds)
General End Users | ~2 min.

DESCRIPTION The idea is for users to place themselves inside the mind of a cybercriminal and learn to ‘craft a phishing email’ by using enticing words and imagery.

LEARNING OBJECTIVES By crafting a phishing email from the perspective of an attacker, users will intuitively learn ways in which people are exploited by trickery and persuasion via email. Phishing can be obvious but it can also look and feel all-too-real. It’s easier to spot a phishing email when you think like an attacker and not like a victim. Examples of phishing indicators include: Misspelled web links; Unfamiliar file extensions; Prompts to allow unusual programs to download.

Corkboard (Entrance Exam, Training Grounds)
General End Users | ~2 min.

DESCRIPTION The idea is to connect the WHO, WHAT, HOW, and WHY of attacks carried out by cyber criminals to build a picture of the crimes committed.

LEARNING OBJECTIVES The users will better understand the high level approach of WHO, WHAT, HOW, and WHY certain cyber crimes occur. This will help users to increase their ability to prevent attacks from being successful or even possible in the first place.

Emoji Passphrase (Entrance Exam)
General End Users | ~1 min.

DESCRIPTION The idea is to solve the cybersecurity riddles and use the emojipedia to determine the creative passphrases.

LEARNING OBJECTIVES The users will intuitively learn the importance and strength of using creative passphrases to secure their accounts.

Dating Game (Entrance Exam - General, Entrance Exam - Store, Training Grounds)
General End Users | ~1 min.

DESCRIPTION The idea is to determine which person has the best cyber hygiene by asking them questions and basing your answer off of their responses.

LEARNING OBJECTIVES The users will intuitively learn how to improve their cyber hygiene by examining the questions and answers provided by the individuals being examined. It will also help users to better understand the importance of cyber hygiene and that their hygiene affects others as well.

Incident Response CYOA (Entrance Exam - General, Entrance Exam - Store)
General End Users | ~1 min.

DESCRIPTION The idea is to take the position of response manager and attempt to correctly respond to the many cyber related problems that can occur at work as well as mitigate the attacks that weren’t able to be prevented.

LEARNING OBJECTIVES The users will learn about different cyber related incidents and how quickly they can pile up. They will also learn how to identify, respond, and mitigate these incidents.

Vishing V2 (Entrance Exam - General, Entrance Exam - Store)
General End Users | ~1 min.

DESCRIPTION The user will step into the mind of a cybercriminal to carry out a vishing call against Western Marketing to understand how criminals manipulate and lie to steal information from victims.

LEARNING OBJECTIVES The users will intuitively learn how to identify vishing attacks and defend themselves against them by better understanding the tactics used by cyber criminals.

Malware Unscrambler (Webb of Lies)
General End Users | ~1 min.

DESCRIPTION The idea is for users to be presented with a malware scrambled word puzzle challenge, that must be unscrambled to reveal hidden malware definitions.
