2022: A year of cybersecurity education with Infosec
January 24, 2023
2022 was another exciting year here at Infosec as we expanded and improved our cybersecurity training resources to educate every learner at your organization — from the general workforce to IT, security and engineering. Two fun facts: We launched over 600 new PhishSim templates and 81 hands-on labs. Curious to learn more about what we’ve been up to? Check out the table of contents below to explore your areas of interest:
In 2022, we expanded our simulated phishing and training libraries by:
Completing our Just the Facts series
Completing our Need to Know series
Releasing 26 new modules
Averaging 100 newsletter downloads per month!
Adding over 600 new PhishSim templates to Infosec IQ
We trained over 3.4 million learners who sharpened their cybersecurity skills by:
Watching over 640K hours of security awareness training content
Increasing the number of potentially malicious emails reported by 200% using PhishNotify
Successfully identifying and reporting over 1 million simulated phishing emails using PhishNotify
Educating employees on cybersecurity events
Our teams prepared timely training content to familiarize employees on the cybersecurity events and common trends that happened throughout 2022:
Russian Cybersecurity Threats: At the beginning of 2022, we produced this training video with our cybersecurity expert, Keatron Evans, Principal Cybersecurity Advisor at Infosec, to help educate employees on potential Russian cyberwarfare and what they can expect to see (and not see).
Cybersecurity Awareness Month: In October, we helped customers take their training to the next level with our FREE Cybersecurity Awareness Month toolkit that included everything organizations need to stay off the hacker’s leaderboard.
Hacked for the Holidays: To help employees outsmart cybercrime during the holiday season (and beyond), we created our Hacked for the Holidays toolkit that included a communication plan, holiday-themed posters, a training module and matching assessment to test employee knowledge and share best practices for staying cyber-safe.
Providing actionable data to positively change employee behaviors
Infosec IQ’s reporting tool automatically surfaces your most impactful data through visualizations, so you can spend less time gathering, analyzing and interpreting data and more time addressing your greatest vulnerabilities. This year we added four new system dashboards that:
Enhance your organization’s visibility into human risk and behaviors
Help you surface the right metrics to the right audience
Enhanced visibility into human risk and behaviors
Infosec IQ makes it easy to estimate the cyber risk of every employee by tracking each interaction with our training and phishing simulations. Employees are assigned a learner grade based on their security risk derived from 22 behaviors and customizable grading criteria. Positive security behaviors, such as reporting suspicious emails and completing training courses, improve the learner’s grade. In contrast, risky behavior such as clicking or responding to simulated phishing emails decreases their grade.
We’ve surfaced these learner grades in two new dashboards to help you assess risk management in cybersecurity:
Risk dashboard: This allows you to view the breakdown of how many learners fall within each letter grade, as well as see which department is most vulnerable. You can also track your progress quarter over quarter in specific events and behaviors that impact a learner’s grade (positively or negatively).
Risk Report: This gives you a more granular picture of each learner’s performance and overall grade. It also organizes learners into different risk levels based on how many risky events they have taken on our simulated phishing templates.
With these two dashboards, you can personalize the learner’s training experience based on the risk assessment and/or see if action needs to be taken at the organizational level.
Surface the right metrics to the right audience
Having access to the entire platform can be overwhelming. Different teams within your organization, such as an individual in HR, may be interested in different reports than your CISO. Regardless of who’s consuming the data, Infosec IQ has the right reports and dashboards for you to easily share with the right audience.
Here are common use cases we’ve seen implemented (outside of what’s already available):
Showing that your organization offers, and learners actively participate in, a security awareness program — typically due to a state-wide/industry requirement, compliance audit, etc.
Training completion data is sent consistently to the department head and/or Human Resources to track employee performance.
Enhancing the Infosec IQ platform and training experience
Showing exactly what will be sent to what learners and when through section and campaign summaries
Taking the guesswork out of campaign planning by surfacing the settings and configurations that matter most
Providing direct links to content for confirmation that the correct training content is selected
For our Google customers, we released an add-on version of PhishNotify that is directly integrated with Gmail for easier deployment and reporting. This add-on will enable employees to report suspicious messages from any browser or their mobile device.
Assess your organization’s phishing susceptibility
What will your employees do when a phishing email hits their inbox? Find out with our free Phishing Risk Test.
Launch the Infosec IQ Phishing Risk Test to send a simulated phishing email to your employees and record the number of recipients who open the email or click the link. This gives you an estimate of your organization’s phishing risk to share with stakeholders and help inform employee training.
Is your team ready to secure and defend against common adversarial tactics and techniques? Last year, we significantly expanded our library of hands-on MITRE ATT&CK training to help your team practice inside real-world environments without any risk. Each tactic includes a series of cloud-hosted labs focused on specific techniques:
Upskilling cybersecurity beginners — plus 11 other cyber roles
Infosec’s 2021 IT and Security Talent Pipeline Study found that hiring managers experiencing recruiting success were 44% more likely to consider candidates with no previous experience. Last year, we expanded our Infosec Skills Roles to include Cybersecurity Beginners — providing a training pathway for quickly upskilling employees and certifying they have a baseline of knowledge for success in the field of cybersecurity.
Check out our Cybersecurity Talent Development Playbook to learn about all 12 Infosec Skills Roles, like SOC Analyst and Cloud Security Engineer, and unlock free sample training plans.
Developers act as your organization’s first line of defense against security threats. Creating a secure development lifecycle helps minimize the vulnerabilities released into the wild — saving time, money and brand reputation. In 2022, we expanded our self-paced library of training for Secure Coders to include:
OWASP Top Ten: This learning path includes demos, graphics and 20 hands-on labs to teach the details of each risk.
PCI DSS for Developers: This learning path provides engineers with the knowledge and skills needed to design for and maintain continuous compliance.
Secure Coding in Angular: Level up your development team’s security best practices with this learning path covering Angular’s most commonly encountered security risks and how to mitigate vulnerabilities.
Expanding self-paced certification prep and maintenance
Not every team or employee has the ability to attend days of back-to-back live, intensive training — making it challenging to effectively prepare for a new certification or earn continuing professional education credits (CPEs). This is one reason why we created the Infosec Skills on-demand training platform. Here you will find 190+ certification and skill-based learning pathways that can be completed in time blocks that fit any schedule. We have expanded this self-paced library to now include:
(ISC)² System Security Certified Practitioner (SSCP): This 10-hour learning path covers the seven domains of the SSCP certification, ranging from securing information systems and data to overall security operations.
IAPP CIPT: This learning path explores the intersection of technology, data security and policy. This certification is highly recommended for security managers, privacy managers and anyone else within an organization responsible for privacy and compliance.
Fundamentals of Zero Trust: Is your organization beginning or advancing its zero trust program? Security engineers will play a critical role in how digital systems are designed and secured. Our new Fundamentals of Zero Trust Learning Path will help your team not only understand the core concepts of zero trust in cybersecurity, but also how to migrate to a zero trust architecture.
NERC CIP: Help your team understand the security regulations of the Bulk Electric System (BES) and prepare to work with auditors with this self-paced learning path. Your team will be guided through fourteen unique courses covering the creation of NERC and each CIP controlling family.
Threat Intelligence: This self-paced learning path provides an introduction to threat intelligence with theoretical, practical and hands-on fundamentals — giving your team a path towards professional intelligence analysis.
Advanced Python Scripting for Cybersecurity: Take your team’s skills to the next level by training them on advanced applications of Python. Your team will learn how to automate multi-stage attack chains and defensive operations using Python through a series of six courses and five labs.
Accelerating certification readiness
We’ve expanded our catalog of live certification boot camps to help you and your team accelerate certification readiness. In addition to days of live training — online or in person — every Infosec Boot Camp includes Exam Insurance, Exam payment, extended access to live session video recordings and a free 90-day subscription to the Infosec Skills on-demand training platform.
Certified CMMC 2.0 Professional: Start your CMMC journey by becoming a Certified CMMC Professional (CCP)! This five-day boot camp provides a comprehensive overview of the new Cybersecurity Maturity Model Certification requirements and prepares you to earn your Certified CMMC Professional (CCP), which is the first step to becoming a CMMC-AB Certified Assessor.
CompTIA Cloud+: Adopting a vendor-neutral approach, this course will provide you and your team with an understanding of essential cloud concepts. Students will leave with the knowledge required to pass the Cloud+ exam, the only cloud-focused certification approved for DoD 8570.01-M.
CompTIA Data+: With data playing an ever-increasing role in today’s business and technology landscape, the demand for skilled data professionals is higher than ever. Upon completion of this course, you and your team will have the knowledge needed to pass the CompTIA Data+ exam as well as valuable data skills for nearly any industry or role.
What is Infosec IQ? The Infosec IQ security awareness and training platform empowers employees with the knowledge and skills to reduce their overall cyber risk. With 2,000+ of the highest quality and interactive training resources in different styles, formats, themes and languages, organizations are better equipped to prepare their employees to detect, report and defeat cybercrime. Every aspect of the platform can be tailored to match your organization’s culture, employees’ learning preferences, and executives’ business needs.
What is Infosec Skills? Infosec Skills provides technical teams access to the widest and deepest library of on-demand cybersecurity training to help upskill and reskill in the security domains that matter most. Training is mapped to popular cyber roles, such as SOC Analyst and Cloud Security Engineer, as well as industry standards like the NICE Workforce Framework for Cybersecurity, MITRE ATT&CK® Matrix and DoD 8570.01-M. With 1,400+ unique courses and hundreds of hands-on labs, teams can assign pre-built learning plans or customize their own to fit unique business objectives.
What are Infosec Boot Camps? Infosec Boot Camps offer a variety of live, instructor-led certification training so IT and cybersecurity professionals can learn however they learn best and certify their technical skills — guaranteed. Classroom-style training from industry experts, live online or in person, gives students the opportunity to ask questions to maximize exam readiness. Additionally, students have access to on-demand resources in the Infosec Skills platform to increase knowledge and skill development before, during and after their boot camp.