From PowerPoint fatigue to award-winning security awareness

In 2025, this 60-year-old company earned recognition for something entirely different: building an award-winning security awareness program that achieves 93% employee engagement month after month. 

The transformation began with Muhammad Jawwad Alam Siddiqi, Information Security Manager at Almajdouie, who partnered with Infosec IQ to reimagine how the company approaches security awareness. Together, they transformed a stale PowerPoint-centered training program into a dynamic, culturally adapted security awareness initiative that employees genuinely anticipate each month. 

Jawwad accepting the 2025 CyberForge Cybersecurity Awareness and Training Program Award. 

"What started as a necessity became a cultural transformation," says Jawwad. "We didn't just implement a training program. We created something our employees actually look forward to." 

From PowerPoint fatigue to pandemic pivot

Almajdouie had been running security awareness programs since 2015, but their approach faced engagement challenges. Jawwad and his team relied on classroom-style sessions across Saudi Arabia's vast geography, traveling to different office locations with PowerPoint presentations that struggled to capture sustained attention. 

"We used to go to different locations across the kingdom," explains Jawwad. "We had sessions at various offices, but we knew we needed to evolve our approach." 

Then COVID-19 hit, and everything changed. Physical travel became restricted, prompting the team to pivot to Microsoft Teams for online presentations. While this expanded their reach, it didn't address the core engagement challenge. 

"Although the reach was better, we realized we couldn't just keep changing PowerPoint presentations every month," says Jawwad. "Everyone gets bored with the same format. But with an online solution, employees don't know what new topic will come next — there's an element of surprise and anticipation." 

The management team recognized an opportunity to make the training something employees would look forward to rather than simply expect. They wanted variety, engagement and content that employees would actually remember and apply — both at work and at home. 

Finding the perfect training partner 

In 2022, Almajdouie launched a comprehensive Request for Proposal (RFP) process for a learning management solution. Jawwad and his team evaluated multiple vendors, conducting proof-of-concept tests with most of them, including several market leaders. 

"We had many vendors coming to us, and we did a POC with most of them," he explains. "We evaluated Infosec IQ and your major competitors." But one feature distinguished Infosec IQ from the competition: its sophisticated grading and ranking system. 

Jawwad used the Infosec IQ dashboards and grading system as the foundation of his engagement strategy.

"The grading system was your unique selling point — the way you grade employees, the way rankings are done for groups, departments and line managers," says Jawwad. "That's what made us choose you over another solution.” 

The grading system wasn't just a nice-to-have feature for Jawwad — it was the foundation of his engagement strategy. He envisioned using it to create friendly competition across the organization while driving meaningful participation. 

"I had a plan to use your grading system to enhance our training completion. We now conduct an annual competition based on these rankings." 

Equally important was Infosec IQ's content versatility. With a diverse, multilingual workforce where 60-65% of users are native Arabic speakers, Jawwad needed flexible language options. "Our preference is for videos that have at least Arabic subtitles available," he says. "Only at the manager level are we comfortable with English-only content." 

Building a program across diverse employee groups 

Almajdouie's implementation strategy acknowledges the reality of its diverse workforce. With over 2,000 employees ranging from executives to warehouse staff to automotive technicians, a one-size-fits-all approach simply wouldn't work. 

Dual-track training approach 

For employees with computer access, Jawwad runs monthly campaigns requiring at least five minutes of training, with managers receiving additional specialized content targeting 10 minutes per month. "All managers take extra training for specialized subjects,” explains Jawwad, adding that they like the role-based series in Infosec IQ. 

But what about employees without computer access? Jawwad developed an innovative hybrid solution. "We have many employees in operations — technicians, warehouse storekeepers, retail staff in our vehicle showrooms who don't have system access," he says. "For them, we download videos from the portal and upload them into another LMS for in-person classroom sessions." 

These offline employees receive quarterly training sessions lasting 30–40 minutes, covering the same curriculum that online employees complete over the same period. This inclusive approach ensures comprehensive coverage across all employee groups. 

Strategic content curation  

Jawwad's content strategy balances engagement with cultural relevance. He mixes formats strategically: games prove particularly popular, and he's especially fond of the Hacker Headlines training series. 

“This series is excellent,” says Jawwad. Hacker Headlines ties security awareness topics to real-world events — and teaches employees how to recognize and defend against popular cyber threats. 

Infosec IQ content, like this deepfakes episode from the Hacker Headlines series, is translated into more than 30 languages, including Arabic.

Cultural sensitivity remains a priority throughout content selection. "We review everything because we must consider cultural differences,” he explains. “Not all videos suit our environment.” He uses videos from different series in the Infosec IQ library to create a “thoughtful mix.” 

Role-based targeting adds another layer of precision. "Managers are more likely to travel, so they may receive a video on travel security, while password training applies to everyone." 

Achieving results through gamification and recognition 

The numbers speak for themselves. Almajdouie consistently maintains over 93% training completion rates month after month. They use the Infosec IQ grade dashboard for internal competitions that transform cybersecurity training from obligation into anticipation. 

Creating champions at every level  

"Every year, the best employee, best line manager, best department, best company and best group win prizes," Jawwad explains. "We send out announcements, and the group president meets them personally." 

The recognition program goes far beyond simple certificates. Winners receive trophies, their photos are published across social media accounts and internal news portals, and their achievements are displayed on digital marketing screens throughout the company premises. This multi-channel celebration ensures maximum visibility and reinforces a powerful message: cybersecurity excellence matters at Almajdouie. 

The ripple effect of healthy competition  

The competitive element creates a powerful cascading effect throughout the organization. Line managers actively monitor their team's performance because their own rankings depend on it. "If a manager wants to move toward number one, he knows there are employees in his team who aren't performing, so he will encourage them,” says Jawwad. 

The transformation extends far beyond completion metrics. Monthly phishing campaigns keep employees engaged with varying schedules and customized templates. Jawwad's team enhances Infosec IQ's templates with local touches, adding Arabic content and cultural relevance. "We customize according to our environment — some of our official emails are both English and Arabic." 

Perhaps most telling is how the culture has shifted: their CSO not only anticipates monthly training but shares the videos with his family. "He says these videos aren't just for himself, but for his family also." 

The three pillars of cybersecurity training success 

When asked about the key factors driving Almajdouie's remarkable transformation, Jawwad identifies three strategic pillars that any organization can implement: 

Transformation in action 

The evidence of this cultural shift appears everywhere. Employees now proactively report suspicious WhatsApp messages from their personal devices, seeking guidance on potential threats. "People are more aware, more cautious,” says Jawwad. “Our objective is being achieved.” 

Perhaps most telling: employees actively seek out their training. "There's a buzz now — people look forward to it."