Security Training

Security Awareness Training That Produces Measurable Results

Phishing simulations, tabletop exercises and executive briefings. Documented click-rate reduction for audit evidence.

Sherlock Forensics delivers security awareness training programs that include phishing simulations, tabletop incident response exercises, executive briefings and compliance training. Programs produce measurable outcomes with documented phishing click-rate reduction from 25-35% to under 5%. Three pricing tiers: Foundation ($3,500 CAD), Professional ($8,500 CAD) and Enterprise ($18,000 CAD). Led by Ryan Purita, CISSP, ISSAP, ISSMP. Contact 604.229.1994.

Program Structure

Four pillars of security awareness

01

Phishing Simulations

Realistic phishing campaigns modeled after current threat intelligence. We send simulated attacks to your employees and track open rates, click-through rates and credential submission. Employees who click receive immediate inline training. Results are compiled into a report with department-level metrics.

  • Custom attack templates based on real campaigns
  • Tracking: opens, clicks, credential entries
  • Instant remediation training on click
  • Department and role-level reporting

02

Tabletop Exercises

Scenario-based incident response exercises for technical and leadership teams. We present a simulated security incident and walk your team through the response process: detection, containment, communication, recovery and post-incident review. Exercises expose gaps in your incident response plan before a real incident does.

  • Ransomware, data breach and insider threat scenarios
  • Tests communication chains and escalation
  • Identifies gaps in your IR plan
  • Written after-action report with recommendations

03

Executive Briefings

One-hour briefings for C-suite and board members covering the current threat landscape, organizational risk posture, compliance obligations and the ROI of security investment. Designed for decision-makers who need the strategic picture without the technical detail.

  • Current threat landscape specific to your industry
  • Risk posture summary from phishing results
  • Compliance status and gap analysis
  • Budget justification for security initiatives

04

Compliance Training

Role-based training modules mapped to PCI DSS 4.0 Requirement 12.6, SOC 2, PIPEDA, HIPAA and ISO 27001. Includes attendance tracking, assessment scores and compliance-ready documentation for auditor review. Satisfies the annual security awareness training requirement for all major frameworks.

  • PCI DSS 4.0, SOC 2, PIPEDA, HIPAA, ISO 27001
  • Role-based content (technical, non-technical, executive)
  • Attendance records and assessment results
  • Audit-ready documentation package

Measurable Outcomes

Numbers your auditor can verify

Click-Rate Reduction

Baseline phishing simulations typically show click rates between 25% and 35%. After three rounds of simulation and training, organizations average under 5%. We document every data point for board reporting and audit evidence.

Credential Submission Drop

Credential submission rates on simulated phishing pages typically fall from 15-20% on baseline tests to under 2% by the third round. This is the metric that directly correlates to breach risk reduction.

Incident Reporting Increase

Trained employees report suspicious emails at significantly higher rates. Organizations in our program see reporting rates increase from under 10% to over 60% within six months, catching real threats faster.

Compliance Documentation

Every program produces audit-ready documentation: attendance records, training content summaries, assessment scores, phishing simulation results and trend analysis. Formatted for PCI DSS, SOC 2 and ISO 27001 auditor review.

Pricing

Three tiers, transparent pricing

$3,500

Foundation

One-time engagement

  • Baseline phishing simulation (one round)
  • 2-hour security awareness session (up to 25 staff)
  • Post-simulation report with click-rate metrics
  • Compliance documentation package

$8,500

Professional

Recommended for most organizations

  • Three phishing simulation rounds over 90 days
  • Half-day interactive training session
  • Tabletop incident response exercise
  • Executive security briefing (1 hour)
  • 60-day follow-up assessment
  • Trend analysis and improvement report

$18,000

Enterprise

Full-year program

  • Quarterly phishing simulations (four rounds)
  • Role-based training modules (technical, non-technical, executive)
  • Two tabletop exercises per year
  • Quarterly executive briefings
  • Annual compliance documentation package
  • Dedicated account manager
  • Custom pricing for 200+ employees

All prices in CAD. Custom pricing available for organizations with more than 200 employees. Contact us for a quote.

Customization

Tailored to your organization

Every program begins with a pre-engagement assessment. We review your industry, regulatory requirements, current security posture and past incident history. Phishing templates are customized to match the types of attacks your employees actually receive. Training scenarios reflect your specific technology stack and business processes. The result is a program that addresses your real risk profile rather than delivering generic content your team will ignore.

For organizations that combine security awareness training with a penetration test, we provide a gap analysis showing where human factors contributed to technical findings. This connection between awareness training and technical assessment gives leadership a complete picture of organizational security posture and creates accountability for improvement.

Frequently Asked Questions

Training Program FAQs

What is included in a security awareness training program?

Sherlock's program includes phishing simulations with real-world attack templates, interactive training sessions, tabletop incident response exercises, executive security briefings, compliance-specific modules for PCI DSS, SOC 2 and PIPEDA, post-training assessments and a detailed report with click-rate metrics and improvement recommendations.

How much does security awareness training cost?

Sherlock offers three tiers. Foundation starts at $3,500 CAD and includes a baseline phishing simulation plus a 2-hour awareness session. Professional is $8,500 CAD and adds tabletop exercises, executive briefings and three phishing rounds. Enterprise is $18,000 CAD for a full-year program with quarterly simulations and role-based training.

How do phishing simulations work in security training?

We send realistic phishing emails to your employees using attack templates modeled after current threat campaigns. We track who opens the email, who clicks the link and who enters credentials on the simulated phishing page. Employees who click are immediately redirected to a brief training module. Results are compiled into a report showing click rates by department, role and simulation round.

What measurable outcomes does security awareness training produce?

Organizations that complete the three-round phishing simulation program typically see click rates drop from 25-35% to under 5%. Credential submission rates fall from 15-20% to under 2%. Incident reporting rates increase from under 10% to over 60%. All metrics are documented in a formal report suitable for board presentations and audit evidence.

Does security awareness training satisfy compliance requirements?

Yes. Sherlock's programs satisfy security awareness requirements in PCI DSS 4.0 (Requirement 12.6), SOC 2 Trust Services Criteria (CC1.4 and CC2.2), PIPEDA, HIPAA and ISO 27001 Annex A.7.2.2. We provide compliance-specific documentation including attendance records, training content summaries and assessment results formatted for auditor review.

Ready to Reduce Your Human Risk?

Security awareness that produces evidence.

Contact us to scope a training program for your organization. On-site in Vancouver or remote anywhere in Canada.

Since 2006 | 4.8/5 rating | CISSP, ISSAP, ISSMP certified

Book a Program | Call 604.229.1994