pinkpixel-dev/implementing-anti-phishing-training-program
SKILLS/implementing-anti-phishing-training-program/SKILL.md
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positiv
$ install --global
skillsauthnpx skillsauth add pinkpixel-dev/skills-collection-2 implementing-anti-phishing-training-programInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 1:50 AM4.3s7 files scanned
SKILL.md
- name:
- implementing-anti-phishing-training-program
- description:
- Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positiv
- domain:
- cybersecurity
- subdomain:
- phishing-defense
- tags:
- [phishing, email-security, social-engineering, dmarc, awareness, training, security-culture]
- version:
- 1.0
- author:
- mahipal
- license:
- Apache-2.0
Implementing Anti-Phishing Training Program
Overview
Security awareness training is the human layer of phishing defense. An effective anti-phishing training program combines regular simulations, interactive learning modules, metric tracking, and positive reinforcement to build a security-conscious culture. This skill covers designing, deploying, and measuring a comprehensive phishing awareness program using platforms like KnowBe4, Proofpoint Security Awareness, and open-source alternatives.
When to Use
- When deploying or configuring implementing anti phishing training program capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Management buy-in and budget approval
- Security awareness training platform (KnowBe4, Proofpoint SAT, Cofense)
- Employee email list and organizational structure
- Baseline phishing susceptibility data (from initial simulation)
- Learning management system (LMS) integration capability
Key Concepts
Training Program Pillars
- Baseline Assessment: Initial phishing simulation to measure current susceptibility
- Interactive Training: Role-based modules covering phishing identification
- Regular Simulations: Monthly/quarterly phishing tests with progressive difficulty
- Just-in-Time Learning: Immediate training after a user fails a simulation
- Positive Reinforcement: Recognition for reporting phishing correctly
- Metrics & Reporting: Track improvement over time by department and role
SANS Security Awareness Maturity Model
- Level 1: Non-existent - No program
- Level 2: Compliance-focused - Annual checkbox training
- Level 3: Promoting Awareness - Engaging, regular content
- Level 4: Long-term Sustainment - Continuous program with culture change
- Level 5: Metrics Framework - Risk-based measurement and optimization
Workflow
Step 1: Establish Baseline
- Run initial phishing simulation across all departments
- Measure click rate, submit rate, and report rate
- Identify high-risk departments and roles
Step 2: Design Curriculum
- General awareness: Phishing identification basics for all employees
- Role-specific: Finance (BEC/wire fraud), IT (credential phishing), Executives (whaling)
- Progressive difficulty: Beginner, intermediate, advanced modules
- Micro-learning: Short (3-5 minute) frequent sessions vs. annual marathon
Step 3: Deploy Training Platform
- Configure KnowBe4/Proofpoint SAT with organizational groups
- Set up automated enrollment workflows
- Integrate with LMS for completion tracking
- Configure reporting dashboards
Step 4: Run Continuous Simulations
- Monthly simulations with varied scenarios
- Increase difficulty based on organizational performance
- Include diverse attack types: links, attachments, QR codes, BEC
Step 5: Measure and Optimize
Use scripts/process.py to analyze training completion, simulation results, and program effectiveness over time.
Tools & Resources
- KnowBe4: https://www.knowbe4.com/
- Proofpoint Security Awareness: https://www.proofpoint.com/us/products/security-awareness-training
- Cofense PhishMe: https://cofense.com/
- SANS Security Awareness: https://www.sans.org/security-awareness-training/
- Terranova Security: https://terranovasecurity.com/
Validation
- 90%+ training completion rate across organization
- Measurable reduction in phishing click rate over 6 months
- Increase in user phishing report rate
- Department-level improvement tracking
Related Skills
pinkpixel-dev/implementing-rapid7-insightvm-for-scanning
development
VerifiedTrustedCommunity
Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated vulnerability scanning across enterprise environments.
1SKILL.mdUpdated May 29, 2026
pinkpixel-dev/implementing-ransomware-kill-switch-detection
testing
VerifiedTrustedCommunity
Detects and exploits ransomware kill switch mechanisms including mutex-based execution guards, domain-based kill switches, and registry-based termination checks. Implements proactive mutex vaccination and kill switch domain monitoring to prevent ransomware from executing. Activates for requests involving ransomware kill switch analysis, mutex vaccination, WannaCry-style domain kill switches, or malware execution guard detection.
1SKILL.mdUpdated May 29, 2026
pinkpixel-dev/implementing-ransomware-backup-strategy
testing
VerifiedTrustedCommunity
Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies, 2 media types, 1 offsite, 1 immutable/air-gapped, 0 errors on restore verification). Configures backup schedules aligned to RPO/RTO requirements, implements backup credential isolation to prevent ransomware from compromising backup infrastructure, and establishes automated restore testing. Activates for requests involving ransomware backup planning, backup resilience, air-gapped backup design, or backup recovery point objective configuration.
1SKILL.mdUpdated May 29, 2026
pinkpixel-dev/implementing-purdue-model-network-segmentation
testing
VerifiedTrustedCommunity
Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate industrial control system networks into hierarchical security zones from Level 0 physical process through Level 5 enterprise, enforcing strict traffic control between OT and IT domains.
1SKILL.mdUpdated May 29, 2026