CASE STUDY
From PowerPoint fatigue to award-winning security awareness
Learn how one security manager transformed a 60-year-old Saudi conglomerate's cybersecurity culture.

Almajdouie Group has built an empire spanning six decades across Saudi Arabia. Their diverse business portfolio includes automotive distribution for Hyundai and Peugeot, logistics operations with warehousing and terminals, and steel industries — employing over 2,000 people across multiple industries.
In 2025, this 60-year-old company earned recognition for something entirely different: building an award-winning security awareness program that achieves 93% employee engagement month after month.
The transformation began with Muhammad Jawwad Alam Siddiqi, Information Security Manager at Almajdouie, who partnered with Infosec IQ to reimagine how the company approaches security awareness. Together, they transformed a stale PowerPoint-centered training program into a dynamic, culturally adapted security awareness initiative that employees genuinely anticipate each month.
Jawwad accepting the 2025 CyberForge Cybersecurity Awareness and Training Program Award.
"What started as a necessity became a cultural transformation," says Jawwad. "We didn't just implement a training program. We created something our employees actually look forward to."
From PowerPoint fatigue to pandemic pivot
Almajdouie had been running security awareness programs since 2015, but their approach faced engagement challenges. Jawwad and his team relied on classroom-style sessions across Saudi Arabia's vast geography, traveling to different office locations with PowerPoint presentations that struggled to capture sustained attention.
"We used to go to different locations across the kingdom," explains Jawwad. "We had sessions at various offices, but we knew we needed to evolve our approach."
Then COVID-19 hit, and everything changed. Physical travel became restricted, prompting the team to pivot to Microsoft Teams for online presentations. While this expanded their reach, it didn't address the core engagement challenge.
"Although the reach was better, we realized we couldn't just keep changing PowerPoint presentations every month," says Jawwad. "Everyone gets bored with the same format. But with an online solution, employees don't know what new topic will come next — there's an element of surprise and anticipation."
The management team recognized an opportunity to make the training something employees would look forward to rather than simply expect. They wanted variety, engagement and content that employees would actually remember and apply — both at work and at home.
These training videos are now part of our organizational culture. Everyone knows they have to complete training every month, and they look forward to it.
Finding the perfect training partner
In 2022, Almajdouie launched a comprehensive Request for Proposal (RFP) process for a learning management solution. Jawwad and his team evaluated multiple vendors, conducting proof-of-concept tests with most of them, including several market leaders.
"We had many vendors coming to us, and we did a POC with most of them," he explains. "We evaluated Infosec IQ and your major competitors." But one feature distinguished Infosec IQ from the competition: its sophisticated grading and ranking system.
Jawwad used the Infosec IQ dashboards and grading system as the foundation of his engagement strategy.
"The grading system was your unique selling point — the way you grade employees, the way rankings are done for groups, departments and line managers," says Jawwad. "That's what made us choose you over another solution.”
The grading system wasn't just a nice-to-have feature for Jawwad — it was the foundation of his engagement strategy. He envisioned using it to create friendly competition across the organization while driving meaningful participation.
"I had a plan to use your grading system to enhance our training completion. We now conduct an annual competition based on these rankings."
Equally important was Infosec IQ's content versatility. With a diverse, multilingual workforce where 60-65% of users are native Arabic speakers, Jawwad needed flexible language options. "Our preference is for videos that have at least Arabic subtitles available," he says. "Only at the manager level are we comfortable with English-only content."
FREE EBOOK
Security awareness champions
Don't rely on theoretical strategies or generic best practices to build a successful security awareness program. Follow the real success stories from organizations just like yours that have transformed culture and delivered significant results.

Building a program across diverse employee groups
Almajdouie's implementation strategy acknowledges the reality of its diverse workforce. With over 2,000 employees ranging from executives to warehouse staff to automotive technicians, a one-size-fits-all approach simply wouldn't work.
Dual-track training approach
For employees with computer access, Jawwad runs monthly campaigns requiring at least five minutes of training, with managers receiving additional specialized content targeting 10 minutes per month. "All managers take extra training for specialized subjects,” explains Jawwad, adding that they like the role-based series in Infosec IQ.
But what about employees without computer access? Jawwad developed an innovative hybrid solution. "We have many employees in operations — technicians, warehouse storekeepers, retail staff in our vehicle showrooms who don't have system access," he says. "For them, we download videos from the portal and upload them into another LMS for in-person classroom sessions."
These offline employees receive quarterly training sessions lasting 30–40 minutes, covering the same curriculum that online employees complete over the same period. This inclusive approach ensures comprehensive coverage across all employee groups.
Strategic content curation
Jawwad's content strategy balances engagement with cultural relevance. He mixes formats strategically: games prove particularly popular, and he's especially fond of the Hacker Headlines training series.
“This series is excellent,” says Jawwad. Hacker Headlines ties security awareness topics to real-world events — and teaches employees how to recognize and defend against popular cyber threats.
Infosec IQ content, like this deepfakes episode from the Hacker Headlines series, is translated into more than 30 languages, including Arabic.
Cultural sensitivity remains a priority throughout content selection. "We review everything because we must consider cultural differences,” he explains. “Not all videos suit our environment.” He uses videos from different series in the Infosec IQ library to create a “thoughtful mix.”
Role-based targeting adds another layer of precision. "Managers are more likely to travel, so they may receive a video on travel security, while password training applies to everyone."
Achieving results through gamification and recognition
The numbers speak for themselves. Almajdouie consistently maintains over 93% training completion rates month after month. They use the Infosec IQ grade dashboard for internal competitions that transform cybersecurity training from obligation into anticipation.
Creating champions at every level
"Every year, the best employee, best line manager, best department, best company and best group win prizes," Jawwad explains. "We send out announcements, and the group president meets them personally."
The recognition program goes far beyond simple certificates. Winners receive trophies, their photos are published across social media accounts and internal news portals, and their achievements are displayed on digital marketing screens throughout the company premises. This multi-channel celebration ensures maximum visibility and reinforces a powerful message: cybersecurity excellence matters at Almajdouie.
The ripple effect of healthy competition
The competitive element creates a powerful cascading effect throughout the organization. Line managers actively monitor their team's performance because their own rankings depend on it. "If a manager wants to move toward number one, he knows there are employees in his team who aren't performing, so he will encourage them,” says Jawwad.
The transformation extends far beyond completion metrics. Monthly phishing campaigns keep employees engaged with varying schedules and customized templates. Jawwad's team enhances Infosec IQ's templates with local touches, adding Arabic content and cultural relevance. "We customize according to our environment — some of our official emails are both English and Arabic."
Perhaps most telling is how the culture has shifted: their CSO not only anticipates monthly training but shares the videos with his family. "He says these videos aren't just for himself, but for his family also."
The grading and ranking system of Infosec IQ is really helping us. Without it, achieving more than 90% training completion every month would not have been possible.
The three pillars of cybersecurity training success
When asked about the key factors driving Almajdouie's remarkable transformation, Jawwad identifies three strategic pillars that any organization can implement:

1. Content that connects
"The Infosec IQ content is short, crisp and easy to comprehend," Jawwad emphasizes. "The language isn't difficult for non-native English speakers. If you have a 10-minute video, no one will watch it every month. But five minutes is manageable, and if you can convey your message in that time, people wait for the next installment."
The takeaway: Quality beats quantity every time. Employees crave digestible, relevant content that respects their time while delivering real value.

2. Competition that motivates
The internal ranking system creates accountability at every organizational level. "The managing director of one of our brands — his grade is impacted by who reports to him, so it trickles down," Jawwad explains. When incentives combine with public recognition and leadership engagement, the result is organization-wide momentum.
The takeaway: Make cybersecurity performance visible and rewarding. When leaders' success depends on their team's security awareness, everyone wins.

3. Culture that sustains
Success transcends any single platform — it's about embedding cybersecurity into organizational DNA. "These training videos are now part of our organizational culture. Everyone knows they have to complete training every month, and they look forward to it," Jawwad notes.
The takeaway: Transform compliance from checkbox to culture. When security awareness becomes "how we do things here," sustainable change follows.
Transformation in action
The evidence of this cultural shift appears everywhere. Employees now proactively report suspicious WhatsApp messages from their personal devices, seeking guidance on potential threats. "People are more aware, more cautious,” says Jawwad. “Our objective is being achieved.”
Perhaps most telling: employees actively seek out their training. "There's a buzz now — people look forward to it."
Build awareness. Transform your culture.
See for yourself how Infosec IQ will empower your employees to outsmart cybercrime at work and at home. With over 2,000 awareness resources and phishing simulations, it’s easy to keep your employees secure and engaged in training, regardless of their location, preferred language or learning style.


Customer
Almajdouie Group
Industry
Logistics, automotive, manufacturing, food, steel, real estate and training
Products
- Infosec IQ
Customer Needs
- Engaging training
- Multilingual content
- Grading system
- Online and offline training