AETC Process

The D2 Cybersecurity Process

At D2 Cybersecurity, we believe that awareness is a comprehensive product of ongoing education, training, and communication. By combining online modules with simulated phishing campaigns into a total solution, the greatest rate of success can be achieved for your organization, as proven through D2’s past performance.

Through our AETC process, we thoroughly examine each organization’s position on cybersecurity practices and attitudes toward user behavior, designing a total solution that addresses their unique needs.

Initially, gaps in cybersecurity practices are identified within a target client base. These results can shape a tailored solution for effective behavioral change, and can be personalized for distinct groups of employees. D2’s interactive cybersecurity suite of modules form the basis for educational development of critical thinking skills necessary for operating technology in the workplace. As a training exercise, simulated phishing campaigns are sent out to end users, to reinforce the application of knowledge gained from their cybersecurity education. D2 implements periodic updates of courseware to increase ongoing communication of the latest cyber threats. Clients within similar industries are encouraged to share any cyber-related incidents, which are transformed into industry-specific mini case study modules.

Discussion with CTO/IT manager to analyze and assess some of the existing operational/behavioral gaps.
Initial phishing simulation campaign as a pretest to form a baseline of current user behavior.
Analysis used as a basis for customizing training to address the identified gaps in instrumentation and practice.
Assessment of your organization’s current cybersecurity awareness level to gauge ROI.
Recommendation of courseware/phishing simulation suitable for your organization.

EDUCATE

Modules contain interactive and stimulating multimedia learning content, including animated and live actor video content, gaming elements, and exercises.
Modules are periodically updated.
Modules teach fundamental cybersecurity knowledge as the foundational building block.
Cybersecurity modules are tracked on a Learning Management System (LMS) hosted by D2/Kean, or can reside on your organization’s own LMS.
Reports of learner activity measure progress and success within your organization, and can be organized by division or staff type.

TRAIN

Users are given the opportunity to apply what they have learned in their cybersecurity awareness education to meaningful practice. In training activities, users develop skills that can be transferred to everyday usage as they navigate potential risks and technology best practices in the workplace and elsewhere.

Skills-based practical exercises such as spotting suspicious clues in emails allow users to evaluate these communications in a protected environment with appropriate feedback.
Situational real-life scenarios such branched decision-making scenarios with live actors allow users to contemplate what they would do if faced with similar situations. Certain paths can be taken dependent upon the nature of their answers to thought-provoking questions.
Simulated phishing emails—including link, data entry, and download phishing scenario types—test whether users fall victim to phishing attacks. Reports measure which individuals were successfully attacked and how the organization performed collectively.

COMMUNICATE

Repetitive messaging over time is a vital key to learning and the formation of a cyber-awareness within your organization. Since cybersecurity is constantly evolving, our education and training is responsive to that trend. We are always improving course material and phishing scenarios as new information becomes relevant.

Communication should be an ongoing exercise, not a discrete event. We provide opportunities to learn and practice many times throughout the year.
Courseware is rapidly updated as new information develops, ensuring that material is up to date.
Periodic simulated phishing campaigns reinforce the need to be vigilant at all times, as users are tested without forewarning.
Threat-sharing of true case studies amongst clients in similar industries provide an additional layer of awareness.