Training & Awareness

Every team member completes security training before accessing client systems, with ongoing education throughout their employment.

Training Program

Onboarding Training

Every new team member completes security awareness training before beginning client work:

Topics Covered:

  • Information security fundamentals
  • Data handling and classification
  • Phishing and social engineering recognition
  • Acceptable use of systems and tools
  • Password and authentication best practices
  • Incident reporting procedures
  • Confidentiality obligations

Format: Self-paced online modules with knowledge verification

Completion Requirement: Must pass assessment before accessing any client systems


Quarterly Refresher Training

All team members complete refresher training every quarter:

Purpose:

  • Reinforce core security concepts
  • Address emerging threats and attack patterns
  • Update on policy or procedural changes
  • Review real-world incidents (anonymized) for learning

Topics Rotate Through:

  • Phishing simulation results and lessons
  • New threat landscape updates
  • Tool-specific security features
  • Client data handling reminders
  • Physical security (for those with hardware)

Tracking: Completion tracked and required for continued project access


Role-Specific Training

Additional training based on job function:

| Role | Additional Training |
|---|---|
| Engineers | Secure coding practices, dependency management, secrets handling |
| Data Analysts | Data privacy, PII handling, query security |
| Project Managers | Client communication protocols, access request procedures |
| All with cloud access | Cloud security fundamentals, IAM best practices |

Phishing Awareness

Simulated Phishing

We conduct periodic phishing simulations:

  • Realistic phishing emails sent to team members
  • Clicks and reports tracked per team member
  • Immediate educational feedback for those who click
  • Results inform training focus areas

Reporting Culture

We encourage reporting of suspicious communications:

  • No penalty for reporting false positives
  • Recognition for catching real threats
  • Clear escalation path for concerns
  • Rapid response to reported threats

Security Culture

Continuous Reinforcement

  • Security tips in team communications
  • Lessons shared from industry incidents
  • Open discussion of security topics in team meetings
  • Encouragement to ask questions

Accountability

  • Training completion is a condition of employment
  • Repeated security violations addressed through HR process
  • Positive security behaviors recognized

Client-Specific Training

When client engagements have specific requirements:

  • We complete any required client security training
  • Team members acknowledge client-specific policies
  • Additional certifications obtained if required (e.g., HIPAA)

Training Records

We maintain records of:

  • Training completion dates
  • Assessment scores
  • Certifications held
  • Phishing simulation results

Records are available for client review upon request.
