Book a call
Menu
763-332-9976
Book a call
Home
/
Services
/
human risk reduction
Human risk reduction

Security awareness training

Behavior change that holds under real pressure — not a once-a-year checkbox. Phishing simulations, department tracks, role-based paths, and framework-mapped completion records.

Book a scoping call
All services
  • Launch in 3–14 days from kickoff
  • Under 50 to 400+ employees
  • Framework-mapped: SOC 2, HIPAA, ISO 27001

Training that actually changes behavior

Most security awareness programs are compliance theater — a module people click through once a year. We build programs designed around behavior change: phishing simulations with real feedback loops, department-specific content that feels relevant, and metrics that show whether it is actually working.

Platform license for awareness training tools (KnowBe4, Proofpoint, etc.) is client-paid where applicable. ISPH configures and manages the program.

Pricing tiers

Launch
$900–$1,800
per month · ~4–6 hrs/month · Launch: 1–2 weeks
Overage: $185/hr · Platform license (KnowBe4, Proofpoint, etc.) client-paid
  • Monthly security awareness module (pre-built, industry-relevant)
  • Monthly phishing simulation (standard template)
  • Completion tracking and compliance reporting
  • Annual policy acknowledgment workflow
  • GRC platform evidence sync (Drata or Vanta)
Growth · Most popular
$1,800–$3,200
per month · ~7–10 hrs/month · Launch: 1 week
Overage: $195/hr
  • Everything in Launch, plus:
  • Department-specific training tracks (engineering, finance, HR, operations)
  • Bi-monthly phishing simulations (intermediate campaigns)
  • Monthly security newsletter (pre-templated, customizable)
  • Training effectiveness metrics (click rates, completion rates, trends)
  • New hire onboarding security training
  • Quarterly awareness program report
  • Role-based training paths (admin, developer, executive, operations)
Scale
$3,200–$6,000+
per month · ~14–25 hrs/month · Launch: 3–5 days
Overage: $225/hr
  • Everything in Growth, plus:
  • Fully branded, white-labeled training program
  • Advanced phishing simulations (spear phishing, vishing, pretexting)
  • 1 custom training module per quarter
  • Insider threat awareness module
  • Executive and board security briefing (annual)
  • Security champions program design and management
  • Framework-mapped training records (SOC 2, HIPAA, ISO 27001)
  • Annual program benchmark against industry standards

Bundle recommendation

  • Bundle with Policy and Procedure Development — training is most effective when staff are trained on the policies they are acknowledging
  • Add tabletop exercises to stress-test whether training has changed behavior when it matters most

Training is most effective when staff know the policies they are acknowledging.

Bundle with Policy and Procedure Development — and add tabletop exercises to stress-test whether the training has changed behavior.

Talk to a practitioner