πŸ§‘β€πŸ«πŸ” Security Training

Role-Based, Just-In-Time, Behavior-Changing β€” With Evidence

Security Training only works if it changes behavior and stands up in audits.
SolveForce delivers a program that is role-based, just-in-time, and metrics-drivenβ€”wired to your stack so lessons appear at the moment of risk and completion/effectiveness are provable.

Connective tissue:
🧭 GRC β†’ /grc β€’ πŸ“Š Evidence/Automation β†’ /siem-soar β€’ 🚨 IR & Drills β†’ /incident-response β€’ /tabletop
πŸ‘€ IAM & Access β†’ /iam β€’ πŸ” ZTNA/NAC/SASE β†’ /ztna / /nac / /sase
πŸ” Data & Privacy β†’ /data-governance β€’ /dlp
πŸ’³ PCI β†’ /pci-dss β€’ πŸ₯ HIPAA β†’ /healthcare-networks β€’ πŸ›οΈ NIST/FedRAMP β†’ /nist β€’ /fedramp

🎯 Outcomes (Why our program)

  • Behavior change β€” fewer risky clicks, faster reporting, fewer secret/key leaks, better access hygiene.
  • Just-in-time coaching β€” micro-lessons triggered by real events (e.g., secret found in PR, suspicious share link).
  • Role relevance β€” tracks for execs, finance/AP, IT/helpdesk, dev/DevOps, data stewards, OT/ICS, contact center, healthcare, retail payments.
  • Audit-grade proof β€” completion, quiz, simulation, drill and attestation evidence exported to SIEM/SOAR.

🧭 Scope (What we deliver & operate)

  • Core baseline β€” annual + onboarding: phishing/BEC, passwords/passkeys, MFA, data labels, safe sharing, incident reporting.
  • Role-based paths
  • Exec/Board: risk, incident comms, fiduciary duties, wire-fraud scenarios.
  • Finance/AP: BEC/wire fraud, vendor spoof, dual-control.
  • Helpdesk/IT: identity proofing, token/session safety, escalation SOPs.
  • Developers/DevOps: secrets hygiene, supply chain (SBOM, signing), IaC policy-as-code, vulns triage.
  • Data Stewards/Analysts: labeling, DLP, tokenization, privacy by design.
  • Contact Center (CCaaS): PCI redaction/tokenization, recording policies.
  • Healthcare: HIPAA/42 CFR Part 2, minimum necessary, ePHI handling.
  • OT/ICS: safety first, change control, vendor access with ZTNA/PAM.
  • Simulations & labs β€” phishing/BEC, smishing/QRishing, OAuth-app consent, secure coding/k8s/cloud labs.
  • Drills β€” incident tabletops and mini-TTX (ransomware, key leak, data exfil) with AAR artifacts.
  • Policy attestation & exceptions β€” annual sign-off and tracked, time-boxed exceptions in GRC.

🧱 Building Blocks (Spelled out)

  • Microlearning: 3–7 minute lessons; scenario-based; accessible; localized.
  • Learning intercepts (JIT):
  • Secret detected in PR β†’ 90-second lesson + auto-rotate guide.
  • Public link to Restricted data β†’ label/DLP nudge + one-click fix.
  • MFA fatigue detected β†’ β€œhow to report” card + session hygiene.
  • LMS + SIEM wiring: all completions, quiz scores, and sim results stream to SIEM/SOAR for dashboards and audits. β†’ /siem-soar
  • Gamification w/ guardrails: leaderboards and badges for teams; no shaming.
  • Accessibility: WCAG-aware content; audio/transcripts; low-bandwidth variants.

🧰 Reference Programs (pick & mix)

1) Phishing & BEC Defense β€” monthly sims, VIP/vendor impersonation, time-of-click training, report-rate coaching.
2) Dev & Cloud Secure SDLC β€” secrets hygiene, supply chain, signed artifacts/SBOM, IaC gates, k8s/network policies.
3) PCI Awareness β€” PAN scopes, tokenization, hosted fields, redaction & recording rules. β†’ /pci-dss
4) HIPAA & Privacy β€” PHI labels, minimum necessary, e-mail/DLP encryption, subject-rights workflows.
5) Zero-Trust in Practice β€” ZTNA usage, device posture, least privilege & JIT/PAM. β†’ /ztna β€’ /pam
6) Incident Ready β€” how to escalate, evidence handling, comms trees; annual TTX + ad-hoc micro-drills. β†’ /tabletop

πŸ“ SLO Guardrails (what we commit to)

DomainKPI / SLOTarget (Recommended)
CoverageBaseline completion (regulated roles)β‰₯ 99% by due date
Role-based track completionβ‰₯ 95%
BehaviorPhish sim failure rate (rolling 4Q)↓ trend, target < 5%
Median time-to-report phishing≀ 10 min
Secret leak rate in PRs↓ 50%+ by Q2 of program
EffectivenessPost-lesson retention quiz (30–90d)β‰₯ 85–90% pass
DrillsTTX participation & AAR closure100% / ≀ 30 days
EvidenceLMS/sim logs to SIEM≀ 120 s delivery

SLO breaches open tickets and trigger SOAR nudges (auto-assign lesson, notify manager, schedule micro-drill). β†’ /siem-soar

πŸ”’ Compliance Mapping (examples)

  • SOC 2 (CC2.2), ISO 27001 (Clause 7.3 awareness & Annex A controls), PCI DSS (Req. 12.6), HIPAA (164.308(a)(5)),
    NIST 800-53 (AT family), CMMC (AT), FedRAMP ConMon evidence.

πŸ“Š Observability & Evidence

  • Dashboards: completion/overdue, sim failure & report-rate, quiz retention, secrets-in-PRs, DLP blocks, JIT intercepts.
  • Evidence pack: rosters, certificates, sim artifacts, policy attestations, TTX AARsβ€”exportable to auditors.

πŸ› οΈ Implementation Blueprint (No-Surprise Rollout)

1) Assess & map β€” personas, risks, frameworks, policies to teach.
2) Design tracks β€” baseline + role paths; choose sim cadence; define JIT intercepts.
3) Integrate β€” LMS ↔ HRIS/IdP; SIEM/SOAR; code scanning & DLP hooks for JIT.
4) Pilot & adjust β€” one BU/site; tune difficulty & tone; set KPIs.
5) Launch β€” org-wide with quarterly micro-refreshers; publish dashboards.
6) Exercise β€” TTX + incident micro-drills; attach AARs and close gaps.
7) Improve β€” quarterly review of SLOs, content gaps, repeat-clicker coaching; update roadmap.

βœ… Pre-Engagement Checklist

  • πŸ‘₯ Persona list (exec, finance, IT, dev, data, CCaaS, OT/ICS, healthcare).
  • πŸ“œ Policy library & attestation cadence; exception process.
  • πŸ“¨ Sim cadence & channels (email/SMS/QR/OAuth consent).
  • πŸ” Identity & device posture sources (IdP/MDM/EDR).
  • πŸ§‘β€πŸ’» Dev/Cloud scanners for JIT (SAST/SCA/secret & IaC).
  • πŸ” DLP labels & triggers; encryption methods.
  • πŸ“Š LMS/SIEM endpoints; reporting cadence & owners.
  • πŸ—“οΈ Audit calendar; frameworks in scope (SOC2/ISO/NIST/PCI/HIPAA/FedRAMP).

πŸ”„ Where Security Training Fits (Recursive View)

1) Grammar β€” training outcomes flow into /grc metrics.
2) Syntax β€” JIT intercepts tie to /iam, /dlp, /siem-soar, and SDLC gates.
3) Semantics β€” /cybersecurity defines the controls; training operationalizes them.
4) Pragmatics β€” /solveforce-ai powers adaptive lessons and grounded assistant content.

πŸ“ž Launch Security Training That Changes Behaviorβ€”and Proves It