implementing-anti-phishing-training-program

$npx mdskill add mukul975/Anthropic-Cybersecurity-Skills/implementing-anti-phishing-training-program

Design phishing defense programs using simulations and compliance metrics.

  • Build security culture through interactive training and simulated attacks.
  • Integrates KnowBe4, Proofpoint SAT, and open-source alternatives.
  • Decides content based on organizational structure and compliance needs.
  • Delivers dashboards tracking click rates and training completion.

SKILL.md

.github/skills/implementing-anti-phishing-training-programView on GitHub ↗
---
name: implementing-anti-phishing-training-program
description: Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positiv
domain: cybersecurity
subdomain: phishing-defense
tags: [phishing, email-security, social-engineering, dmarc, awareness, training, security-culture]
version: "1.0"
author: mahipal
license: Apache-2.0
---
# Implementing Anti-Phishing Training Program

## Overview
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positive reinforcement to build a security-conscious culture. This skill covers designing, deploying, and measuring a comprehensive phishing awareness program using platforms like KnowBe4, Proofpoint Security Awareness, and open-source alternatives.


## When to Use

- When deploying or configuring implementing anti phishing training program capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation

## Prerequisites
- Management buy-in and budget approval
- Security awareness training platform (KnowBe4, Proofpoint SAT, Cofense)
- Employee email list and organizational structure
- Baseline phishing susceptibility data (from initial simulation)
- Learning management system (LMS) integration capability

## Key Concepts

### Training Program Pillars
1. **Baseline Assessment**: Initial phishing simulation to measure current susceptibility
2. **Interactive Training**: Role-based modules covering phishing identification
3. **Regular Simulations**: Monthly/quarterly phishing tests with progressive difficulty
4. **Just-in-Time Learning**: Immediate training after a user fails a simulation
5. **Positive Reinforcement**: Recognition for reporting phishing correctly
6. **Metrics & Reporting**: Track improvement over time by department and role

### SANS Security Awareness Maturity Model
- **Level 1**: Non-existent - No program
- **Level 2**: Compliance-focused - Annual checkbox training
- **Level 3**: Promoting Awareness - Engaging, regular content
- **Level 4**: Long-term Sustainment - Continuous program with culture change
- **Level 5**: Metrics Framework - Risk-based measurement and optimization

## Workflow

### Step 1: Establish Baseline
- Run initial phishing simulation across all departments
- Measure click rate, submit rate, and report rate
- Identify high-risk departments and roles

### Step 2: Design Curriculum
- **General awareness**: Phishing identification basics for all employees
- **Role-specific**: Finance (BEC/wire fraud), IT (credential phishing), Executives (whaling)
- **Progressive difficulty**: Beginner, intermediate, advanced modules
- **Micro-learning**: Short (3-5 minute) frequent sessions vs. annual marathon

### Step 3: Deploy Training Platform
- Configure KnowBe4/Proofpoint SAT with organizational groups
- Set up automated enrollment workflows
- Integrate with LMS for completion tracking
- Configure reporting dashboards

### Step 4: Run Continuous Simulations
- Monthly simulations with varied scenarios
- Increase difficulty based on organizational performance
- Include diverse attack types: links, attachments, QR codes, BEC

### Step 5: Measure and Optimize
Use `scripts/process.py` to analyze training completion, simulation results, and program effectiveness over time.

## Tools & Resources
- **KnowBe4**: https://www.knowbe4.com/
- **Proofpoint Security Awareness**: https://www.proofpoint.com/us/products/security-awareness-training
- **Cofense PhishMe**: https://cofense.com/
- **SANS Security Awareness**: https://www.sans.org/security-awareness-training/
- **Terranova Security**: https://terranovasecurity.com/

## Validation
- 90%+ training completion rate across organization
- Measurable reduction in phishing click rate over 6 months
- Increase in user phishing report rate
- Department-level improvement tracking

More from mukul975/Anthropic-Cybersecurity-Skills

SkillDescription
acquiring-disk-image-with-dd-and-dcflddCreate forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.
analyzing-active-directory-acl-abuseDetect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths
analyzing-android-malware-with-apktoolPerform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.
analyzing-api-gateway-access-logs>
analyzing-apt-group-with-mitre-navigatorAnalyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.
analyzing-azure-activity-logs-for-threats>
analyzing-bootkit-and-rootkit-samples>
analyzing-browser-forensics-with-hindsightAnalyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.
analyzing-campaign-attribution-evidenceCampaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr
analyzing-certificate-transparency-for-phishingMonitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.