Infosec: Cybersecurity Training and Phishing Simulation Software

Welcome to the Comprehensive Buying Guide for Infosec (an ITPRO company). In an era where human error accounts for the vast majority of security breaches, choosing the right education partner is critical. This guide evaluates Infosec’s dual-pronged approach: Infosec IQ, which focuses on enterprise-wide security awareness and phishing simulations, and Infosec Skills, a technical training platform designed to upskill cybersecurity professionals.

As you navigate this guide, you will learn how Infosec differentiates itself through role-based content, hands-on cyber ranges, and automated behavioral analytics. Whether you are a CISO looking to satisfy compliance requirements or a Talent Development Manager aiming to bridge the cybersecurity skills gap, this guide provides the technical and strategic insights necessary to determine if Infosec is the right fit for your organization’s security posture.

Infosec provides a comprehensive suite of features designed to change user behavior and build technical expertise:

Infosec IQ (Security Awareness & Phishing)

• Automated Phishing Simulations: Over 1,000 templates based on real-world threats, allowing for automated, randomized campaigns that test employee vigilance.
• Personalized Learning Paths: AI-driven recommendations that deliver training based on an individual's past performance and role-specific risks.
• PhishSim & TeachPriv: Interactive modules that provide 'just-in-time' education the moment a user clicks a simulated phishing link.
• Extensive Content Library: High-quality, localized videos, posters, and newsletters in 30+ languages to support global deployments.

Infosec Skills (Technical Training)

• Hands-on Cyber Ranges: Cloud-hosted environments where IT pros can practice offensive and defensive tactics in a risk-free setting.
• Certification Prep: Structured paths for industry-standard certs like CISSP, CEH, Security+, and CCSP, including practice exams.
• Skill Assessments: Pre-and-post training evaluations to measure knowledge gains and identify team-wide skill gaps.
• Boot Camps: Intensive, instructor-led training options for rapid certification attainment with a 'Pass Guarantee.'

• Global Manufacturing Compliance: A multi-national manufacturer uses Infosec IQ to deliver localized security awareness training in 15 languages, ensuring all factory and office staff meet GDPR and ISO 27001 requirements while tracking compliance from a centralized dashboard.
• Financial Services Phishing Defense: A mid-sized bank uses automated phishing simulations to target 'high-risk' departments like Wire Transfer and HR. By using the 'Report Phish' button, employees have decreased the company's average click rate from 15% to under 2% in one year.
• Government Agency Upskilling: A state agency uses Infosec Skills to provide their IT department with access to hands-on labs. This allows their generalist IT staff to transition into dedicated cybersecurity roles, filling internal vacancies without external hiring.
• Retail Rapid Onboarding: A large retailer integrates Infosec IQ with their HRIS (Workday). New hires are automatically enrolled in 'Security Essentials' training on day one, ensuring immediate compliance and risk reduction.

Infosec generally operates on a subscription-based SaaS model:

• Infosec IQ: Priced per-user, per-year. Tiers are usually based on the volume of learners and the level of content access (Standard vs. Enterprise). Volume discounts apply for large organizations.
• Infosec Skills: Available as individual or team licenses. Team accounts include administrative dashboards to track progress and assign paths.
• Boot Camps: Priced per-seat, per-course. These are higher-cost, fixed-fee engagements that include live instruction and exam vouchers.
• Additional Costs: Consider costs for professional services (managed services where Infosec runs your campaigns) and any custom content development needs.

Infosec is a cloud-native platform with minimal local infrastructure requirements:

• Browser: Compatibility with latest versions of Chrome, Firefox, Safari, and Microsoft Edge.
• Email Environment: Ability to whitelist specific IP addresses and domains in your email gateway (Mimecast, Proofpoint, etc.) and mail server (O365, Google) to ensure phishing simulations bypass spam filters.
• Network: Sufficient bandwidth for streaming high-definition video content and accessing cloud-based cyber ranges (for Skills).
• End-User Devices: Training is responsive and accessible via desktop, tablet, and mobile devices.
• Whitelisting: Requires the ability to modify 'Safe Senders' lists and potentially bypass 'Link Rewriting' (like Mimecast TTP or Outlook Safelinks) for simulation accuracy.

To maximize the ROI of Infosec, organizations should meet these business prerequisites:

• Executive Sponsorship: Security awareness is a cultural shift; leadership must endorse the time spent by employees on training and simulations.
• Dedicated Program Manager: While the platform offers automation, a designated individual (usually in IT or HR) should oversee campaign schedules and follow-up on non-compliance.
• Process for Remediation: A defined policy for how to handle employees who consistently fail phishing simulations (e.g., mandatory additional training vs. HR intervention).
• Internal Communication Plan: A strategy to announce the program to employees to ensure high engagement and transparency regarding the purpose of phishing simulations.

A typical Infosec IQ implementation follows this schedule:

• Phase 1: Discovery & Planning (1-2 weeks): Define goals, identify target learner groups, and establish baseline phishing metrics.
• Phase 2: Technical Setup (1 week): Domain verification, whitelisting Infosec mail servers, and setting up SSO/Active Directory synchronization.
• Phase 3: Content Customization (2 weeks): Selecting training modules, branding the learner dashboard, and customizing phishing templates.
• Phase 4: Pilot Launch (1-2 weeks): Rolling out to a small subset of users to test delivery and gather initial feedback.
• Phase 5: Full Go-Live (Week 6+): Launching the first company-wide awareness campaign and automated phishing cadence.
• Note: Professional technical training (Infosec Skills) can be deployed almost instantly once licenses are assigned.

Infosec provides tiered support to ensure client success:

• Customer Success Managers (CSM): Enterprise clients are typically assigned a dedicated CSM to help align training with business goals and review quarterly progress.
• Technical Support: Available via email and phone during standard business hours, with 24/7 options for critical platform issues.
• Managed Services: For overstretched IT teams, Infosec offer 'Managed Awareness Services' where their experts design and execute your phishing and training roadmap.
• Knowledge Base: A robust self-service portal with documentation, 'how-to' videos, and best-practice templates.
• Community: Access to a network of security professionals and peer-led forums.

Infosec offers robust integration capabilities to streamline administration:

• User Provisioning: Native integrations with Microsoft Azure AD (Entra ID), Google Workspace, and on-premise Active Directory via SCIM to automate user onboarding and offboarding.
• Authentication: Support for SAML 2.0 and OpenID Connect for Single Sign-On (SSO) across all platforms.
• Security Stack Integration: API-based connections with SEIM/SOAR tools to feed phishing report data into your broader security operations.
• LMS Integration: Content can often be exported via SCIM/AICC for organizations that prefer to host training within their existing Learning Management System.
• Phish Notification: A 'Report Phish' Outlook/Gmail add-in that integrates directly with the Infosec IQ dashboard for real-time threat analysis.

Infosec maintains enterprise-grade security standards:

• Certifications: SOC 2 Type II compliant, ensuring rigorous controls over data security, availability, and privacy.
• Data Residency: Options for data storage in various regions to comply with local laws like GDPR (EU) and CCPA (California).
• Privacy: Strict data minimization practices; Infosec only requires minimal PII (Name/Email) to function.
• Accessibility: Content is designed to meet WCAG 2.1 AA standards, ensuring training is accessible to employees with disabilities.
• Audit Logs: Comprehensive logging of all admin actions and learner progress for compliance auditing.