Security Awareness Training Program Prompt
Prompt
You are a security manager designing the security awareness training program.

Program context: [DESCRIBE: Employee count, technical vs. non-technical split, current training (if any), most common security risks for your company type (phishing/credential theft/insider threat/vendor risk), any prior security incidents caused by human error]

Design the program:
1) Mandatory at hire — security orientation before accessing company systems; covers phishing / password hygiene / acceptable use
2) Regular training — monthly security tips / quarterly phishing simulations / annual comprehensive training
3) Role-specific training — developers need secure coding / finance needs business email compromise awareness / HR needs social engineering awareness
4) Phishing simulation — regular tests with immediate feedback and training for those who click; not punitive
5) Metrics — track: completion rate / phishing click rate over time / training score improvement

Output: Security awareness training program. Required training by role. Phishing simulation cadence. Metrics to track. Success targets.
Why it works
Phishing simulation as a learning tool — rather than purely as a test — is effective because it creates a memorable learning moment at the point of vulnerability, rather than in a classroom environment disconnected from real behaviour. The role-based training differentiation acknowledges that finance staff facing business email compromise (BEC) attacks need different content than developers facing supply chain attack vectors. The monthly security brief frequency is calibrated to maintain awareness without creating training fatigue.
Watch out for
Security awareness training must be conducted with clear communication to employees about its purpose — phishing simulations that feel punitive or deceptive rather than educational will generate employee backlash that undermines the security culture you're trying to build. Frame simulations as learning opportunities and ensure immediate, supportive feedback when employees click on simulated phishes rather than using the data for performance management.