Right-sized programs for
your organization.
Three engagement tiers scaled to your organizations headcount. Structured 6 and 12 month contracts with cadenced simulations, monthly reporting, and no enterprise overhead.
What every engagement includes.
These four pillars remain standard across all tiers. The tiers determine reporting frequency, analysis depth, and the extras layered on top.
Quarterly Phishing Simulations
Four phishing campaigns per year targeting your full organization over a rolling 3-month window. Scenario types vary each cycle so your team never sees the same simulated attack twice.
Monthly Metric Updates & Newsletter
Concise monthly email reports with your current click rate, open rate, and phish reporting rate. The numbers and tech news you need to stay informed between quarterly reviews.
Quarterly Training Content
Rotating library of security awareness topics each quarter, matched to your simulation results. Topics such as phishing recognition, password hygiene, multi-factor, social engineering, and more.
Branded PDF Reports
Professional findings reports with executive summary's for non-technical leadership. Full methodology provided, comprehensive metrics breakdown, and a personalized action plan.
What every engagement includes.
Three tiers scoped so your organization pays for exactly the coverage and reporting depth your size needs. Each band reflects meaningful difference in simulation scope, reporting volume, and complexity.
1 - 30 EMPLOYEES
Essentials
Small organization's and boutique offices
The right entry point for a solo-owner shop, small professional office, or any team under 30 employees. Established testing and training cadence without over-engineering the program for your size.
- 4 phishing simulations per year
- Full team is covered every quarter
- Monthly metrics email update
- Quarterly security training content
- Annual kickoff and debrief call
- Annual branded PDF report
- Remediation recommendations
31 - 150 EMPLOYEES
Professional
Growing businesses and larger offices
The right fit for most small-to-medium sized businesses. Quarterly reporting loops give leadership visibility throughout the year, not just at the end of it. Introduction IT and cyber consulting.
- 4 phishing simulations per year
- Full team is covered every quarter
- Monthly metrics email update
- Monthly newsletter
- Quarterly security training content
- Quarterly debrief calls
- Quarterly branded PDF report
- Department-by-department breakdown
- Advanced scenario library
- Remediation recommendations
- 10 total IT consulting hours
151 - 500 EMPLOYEES
Ultimate
Larger organizations and multi-office businesses
Full features and embedded consulting hours with executive level targeting. Built for larger organizations with multiple departments, offices, and suite of leadership. Focused metrics and management of multiple teams.
- 4 phishing simulations per year
- Full team is covered every quarter
- Monthly metrics email update
- Monthly newsletter
- Quarterly security training content
- Quarterly debrief calls
- Quarterly branded PDF report
- Department-by-department breakdown
- Advanced scenario library
- Executive spear phishing campaigns
- Remediation recommendations
- 5 hours of consulting per quarter
- Custom training content on request
500+ EMPLOYEES
Enterprise
Organizations above 500 employees have security needs that go beyond our standard programs. We work with the larger organizations on a case-by-case basis. Reach out with your headcount and we work with you to create a proposal specific to your situation
Not sure which tier fits? Send us your employee count and we will recommend the right level and will draft a custom quote for you.
Five numbers tell the whole story.
Every debrief report tracks the same five metrics. Over a 12-month engagement, the trend line across these numbers bring clear awareness to your organization.
Open Rate
Who in your organization opened the phishing email
Click Rate
Who clicked the malicious link or file
Submission Rate
Who entered credentials into fake login page
Report Rate
Who correctly identified and reported the phishing attempt.
Time-to-Click
How fast each team member engaged after delivery
Contract Terms
Available from month one, on any tier.
Both terms include all core deliverables at your tier. The 12-month term adds scheduling advantages and a year-end analysis that makes the case for ROI for continuing the program.
6-Month Term
- Two full quarterly simulation cycles
- All core deliverables at your tier level
- Good for evaluating the program before longer commitment
- Scheduling based on availability at contract time
12-Month Term
- Four full quarterly simulation cycles - a complete year of data
- All core deliverables at your tier level
- Priority scheduling across all four campaigns
- Wider scenario variety
- Year-in-Review at month 10 showing all trends
- Improvement graphs become your internal case for renewal
Consulting Add-Ons
Available from month one, on any tier.
The point of using dummy text for your paragraph is that it has a more-or-less normal distribution of letters. making it look like readable English.
Beyond the simulation program
Your simulations identify the gaps, these add-ons close them. Each is scoped and priced separately from your base contract. You choose what makes sense based off your needs and the data presented.
Add-ons are available to all tier clients starting in 1-3 months after first engagement, once baselined simulation
Password Manager Implementation
Hands-on rollout of a business password manager across your organization. Includes vendor selection guidance, team onboarding, credential migration support, and written policy recommendation tailored to your workflow.
Security Awareness Seminar
Live or asynchronous security training session for your full organization or specific department. Topic is driven by your simulation data or priorities leadership desires.
Find your security gaps before attackers do.
Most businesses don't know how vulnerable their team is until after an incident. A free consultation changes that.