Providing Project Management Expertise for Company Wide Phishing Training Initiative

The offshore drilling company selected a security awareness and training platform called KnowBe4 because of its comprehensive training approach. KnowBe4 offered regular and on-demand modules with dynamic content, and incorporated phishing campaigns that could be used as simulations. The solution could be used for employees, contractors and third parties, with defined role-based curriculum requirements.

• Library of Customized Training Modules: KnowBe4’s learning modules covered critical topics related to behavior, policy adherence, and compliance expectations. KnowBe4’s tailored learning modules incorporated role-based training, addressing the specific context of various job functions within the company.  Training used to be a one-size-fits-all approach, but the new platform allowed specific departments to have tailored curriculum based on the specific threats they are more frequently exposed to.
• Simulated Phishing Campaigns & Training: Implementation of simulated phishing and social engineering attacks that test employees’ ability to identify red flags. These simulations also serve as a tool for identifying individuals who may be more susceptible to phishing attempts and automatically provide them with additional training requirements.
• SAPA (Security Awareness Proficiency Assessment): SAPA is a questionnaire to assess the organization’s security awareness and identify specific areas where additional training is needed. It serves as a tool for tailoring training modules to address the unique cybersecurity awareness needs of different teams and individuals.

MRE provided oversight of the project delivery. We leveraged our Project Management Framework to oversee the project, manage the timeline and proactively identify risks or issues. MRE coordinated with the client and vendor and fostered collaboration among stakeholders for a smooth implementation. and ensuring alignment with the client’s PMO standards, and reporting and documentation requirements.

MRE’s Project Manager proactively identified and managed risks to ensure a smooth implementation. For instance, the team ran into an unexpected issue during Active Directory integration. The Active Directory (AD) structure did not reflect the way the organization needed to group people and departments for rolling out the security curriculum. For example, generic rig accounts in the AD structure would not require training and contractor workforce needed to be included based on their role.    We actively worked through this issue, conducting manual reconciliation and quality assurance checks as confirmation. Our approach to risk management instilled confidence with the client and ensured the project stayed on track.