Our training philosophy is guided by three principles:
Employees have better things to do than to spend their day watching training videos. We keep training compact, engaging, and game-like when possible. We also strive to keep training fresh so you don't need to bore people with the same class year after year. Full courses are often 20 minutes; micro courses are only 5 minutes long!
Most successful "cyber" attacks over the past few years have had a significant "social engineering" component. In addition to required compliance topics, we focus on phishing and techniques to support your efforts to keep employees from falling victim to social engineering. This includes Outlook, Gmail, and other email plugins to encourage employees to report phishing attacks.
Compliance is necessary and often dictates training requirements. However, this doesn't mean that employees need to endure long compliance sessions. Our PCI, OWASP, NERC, and government training is very targeted and as short as possible. This includes short documentation review and quiz options for developers who have taken development security training before.
Our phishing training includes email system plugins to automate internal reporting and reduce risk, SMS text messages, phone and voicemail, simulated malicious USB drives, Office attachments with macros, spear phishing, detailed reports, and context-based training to help your employees identify red flags. We include over 1,000 customizable templates that cover real-world examples, including Google, Microsoft 365, and the Canada Revenue Agency.
Our web-based training courses include modern gaming techniques, 5-minute micro courses to get to the point, cover compliance requirements, and keep security awareness strong throughout the year, simulations, and posters. We also have big-bang courses if you need to meet compliance needs right away.
Course topics cover software development, PII, PCI, Canadian Privacy Requirements, OWASP Top 10, job-specific cybersecurity awareness training, training for executives, and hundreds of other topics.
All consulting engagements include the option of one-on-one training with your system administrators to understand security vulnerabilities. In cases where computer-based training is not appropriate or available, we are happy to provide on-site training presentations.
ThreeShield supports the Safe and Secure Online® training program. As part of our environmental and social impact program, our Certified Information Systems Security Professionals provide training to schools and other community organizations free of charge.
" Collaborating with ThreeShield to ensure data security was an exciting and educational experience. As we exploded in growth, it was clear that we needed to rapidly mature on all fronts, and ThreeShield was integral to building our confidence with information, software, and infrastructure security. "
" ThreeShield helped us focus our efforts, enhancing our security posture and verifying PCI compliance.
All of this was achieved with minimal disruption to the engineering organization as a whole.
The approach was smart. In a short time, we accomplished what much larger companies still struggle to achieve. "
Senior Director of Systems and Build Engineering
" ThreeShield very much values active and respectful collaboration, and went out of their way to get feedback on policies to make sure proposals balanced business needs while not making employees feel like they were dealing with unreasonable overhead. By doing so ThreeShield really helped change the culture around security mindfulness is positive ways. "
29 January 2024
13 February 2023
2 February 2023
16 January 2023
26 March 2021