
Empower Your Staff with Stickley on Security Cybersecurity Training

Stickley on Security provides cybersecurity awareness and education solutions for financial institutions, leveraging real-world expertise to mitigate human risk.

Overview

Stickley on Security is a premier provider of cybersecurity education and awareness solutions, specifically designed to address the unique regulatory and operational needs of the financial services sector. Founded by Jim Stickley, a globally recognized authority in social engineering and physical security, the company has established a significant market presence as a trusted advisor to credit unions and community banks across the United States.

The company’s core mission is to bridge the gap between technical security measures and human behavior. While most organizations invest heavily in firewalls and encryption, Stickley on Security focuses on the most vulnerable link in the security chain: the individual. Their comprehensive service portfolio includes employee awareness training, executive briefings, and customer-facing security education platforms.

Historically, the firm evolved from a high-level security consultancy into a scalable content and software provider. This transition allowed them to democratize high-level security insights for smaller institutions that require sophisticated protection strategies but may have limited internal resources. Today, their focus remains steadfast on providing actionable intelligence that helps organizations stay ahead of evolving threats like identity theft, business email compromise (BEC), and sophisticated social engineering.

Positioning

Stickley on Security positions itself as the "Expert’s Choice" for human risk management. Their strategy centers on the credibility of their founder and the practical, "in-the-trenches" origin of their educational content. In a crowded market of generic Learning Management Systems (LMS), Stickley differentiates by being a domain-specific specialist for financial institutions.

Their messaging focuses on three core pillars:

  1. Authenticity: Positioning their training as coming from people who actually know how to break into systems, rather than HR-led compliance checklists.
  2. Customer Trust: Helping financial institutions build "security stickiness" with their own members and customers by providing value-add educational resources.
  3. Regulatory Ease: Specifically targeting the pain points of the NCUA and FDIC exam processes by providing turnkey reporting and documentation.

Unlike broad-market competitors like KnowBe4 or Proofpoint, which target every vertical, Stickley on Security leans into its niche. They brand themselves not just as a software vendor, but as a strategic partner that understands the specific compliance landscape and reputational risks unique to banking and finance.

Differentiation

The primary differentiator of Stickley on Security’s product suite is the quality and relevance of its content, which is rooted in real-world exploit experience. Their flagship offerings, such as the StickleyPro platform, move beyond static slides to provide dynamic, video-based education that is easily digestible for employees and executives alike.

Key product advantages include:

  • Expert-Led Content: Training modules are developed based on actual social engineering tactics discovered during professional security engagements, ensuring the material is current and credible.
  • The Advisor Series: A unique service providing branded security content that institutions can share with their own customers, positioning the bank as a proactive protector of client data.
  • Simulated Phishing and Assessments: Integrated tools that allow administrators to test employee resilience against modern phishing, vishing, and smishing attacks.
  • Compliance Alignment: Products are specifically mapped to regulatory requirements for financial institutions, making it easier for CISOs to demonstrate due diligence during audits.

By focusing on high-production value and relatable storytelling, their products achieve higher engagement rates than traditional compliance-heavy training, leading to a more measurable reduction in human-centric security incidents.

Ideal Customer Profile

The ideal customer for Stickley on Security typically fits the following profile:

  • Industry: Heavily concentrated in Financial Services (Credit Unions, Community Banks), but also applicable to Healthcare, Legal, and Government sectors.
  • Company Size: Small to Mid-Market (50 to 5,000 employees), though they scale to larger enterprises.
  • Technical Maturity: Moderate. They have an internal IT or Security person but need to outsource the specialized, labor-intensive task of content creation and threat research.
  • Budget: Organizations that prioritize "quality over quantity" and are willing to pay for premium, expert-led content rather than the cheapest generic training available.
  • Team Composition: Often led by a CISO, IT Manager, or Compliance Officer who needs a "set-it-and-forget-it" solution for continuous education.

Best Fit

Stickley on Security excels in the following scenarios:

  • High-Touch Financial Services: Specifically designed for credit unions and community banks that need to maintain high levels of trust with members while meeting rigorous NCUA or FDIC oversight.
  • Small to Mid-Sized Organizations (SMBs): Ideal for companies that lack a massive in-house cybersecurity research team but require "Tier 1" intelligence and professional-grade training materials.
  • Compliance-Driven Environments: When an organization needs to prove to auditors that they are providing continuous, updated security awareness training that addresses the latest social engineering tactics.
  • Customer/Member Education: Unlike many platforms that focus only on internal employees, Stickley is a premier choice for institutions that want to provide security value-adds directly to their end customers to reduce fraud losses.

Offerings

Stickley on Security offers several distinct packages:

  • Employee Security Awareness (ESA): A comprehensive internal program featuring monthly videos, phishing simulations, and employee newsletters.
  • Customer/Member Security Awareness (CSA): A public-facing version of the platform designed to be hosted on the institution's website to educate the end-user base.
  • The Stickley Phishing Simulator: A standalone or integrated tool for testing employee vigilance with customizable templates and automated "teachable moment" landing pages.
  • Security Minutes: Short, 60-second video bursts designed for quick consumption, perfect for intranet headers or digital signage in offices.
  • On-Site/Virtual Speaking: Keynote presentations and deep-dive sessions by Jim Stickley himself for high-stakes corporate events or board meetings.

Get our evaluation of Stickley on Security

Our advisory team has deep experience with Stickley on Security. We'll give you an honest, independent assessment — including how they compare to alternatives and what to watch out for.


Buying Guide: Stickley on Security

Everything you need to evaluate Stickley on Security, from features and pricing to implementation and security.

Introduction

Welcome to the definitive buying guide for Stickley on Security. In an era where human error accounts for the vast majority of data breaches, organizations—particularly in the financial sector—require more than just static firewalls; they need a "human firewall." Founded by renowned cybersecurity expert Jim Stickley, this platform provides a unique blend of high-quality video education, real-world cyber-attack simulations, and automated security awareness content designed to keep both employees and customers safe.

This guide will walk you through the core capabilities of Stickley on Security, from its industry-leading video production to its automated phishing simulators. You will learn how the platform fits into a broader risk management strategy, the technical prerequisites for a successful rollout, and how to determine if this solution aligns with your organization's specific compliance and educational needs. Whether you are a Credit Union looking to protect your members or a mid-market firm seeking to harden your internal defenses, this guide provides the objective insights necessary for an informed procurement decision.

Key Features

Stickley on Security offers a comprehensive suite of tools focused on the human element of security:

  • Professional Video Education: High-production-value videos featuring Jim Stickley that explain complex threats (like business email compromise or SIM swapping) in relatable, non-technical terms.
  • Automated Phishing Simulations: A robust testing engine that allows IT teams to send realistic, "Stickley-crafted" phishing emails to employees to identify vulnerabilities and trigger immediate point-of-failure training.
  • The Stickley Security Center: A white-labeled, hosted portal that serves as a central hub for security articles, videos, and news, which can be shared with employees and customers alike.
  • Monthly "Security Awareness" Content: Regular updates including newsletters, social media posts, and "Security Minutes" that ensure the educational content never becomes stale.
  • Compliance Reporting: Detailed analytics and tracking that provide proof of training for auditors, showing which employees have completed modules and how the organization is performing in phishing tests.
  • Real-World Threat Intel: Content is based on current, active exploits seen in the wild, often before they hit mainstream headlines.

Use Cases

  • The Community Bank Breach Prevention: A mid-sized bank uses Stickley’s phishing simulator monthly. After six months, they saw a 40% reduction in "click rates" on suspicious emails, significantly lowering their risk of ransomware.
  • Credit Union Member Value-Add: A Credit Union embeds the Stickley Security Center on their public website. Members use the "Search" feature to learn about the latest "Grandparent Scams," reducing the number of fraudulent wire transfers the CU has to investigate.
  • Annual Compliance Fulfillment: A healthcare provider uses Stickley's video modules to fulfill their HIPAA-mandated security awareness training requirements, providing a more engaging experience than the standard "death-by-PowerPoint" methods.
  • Rapid Incident Response Education: Following a high-profile national data breach, an organization pushes out a Stickley "Breaking News" video to all staff within 24 hours to explain the threat and how to avoid similar tactics.

Pricing Models

Stickley on Security typically utilizes a subscription-based model tailored to the size and scope of the organization:

  • Annual Subscription: Most contracts are billed annually.
  • Tiered by Employee/Member Count: Pricing is often scaled based on the number of employees (for internal training) or the number of members/customers (for the public-facing Security Center).
  • Module-Based Pricing: Organizations can choose to subscribe to specific components, such as the Employee Awareness suite, the Customer Education portal, or the Phishing Simulator, or bundle them for a discount.
  • No Hidden "Per-Phish" Fees: Unlike some competitors, Stickley generally offers unlimited phishing simulations within the subscription tier.
  • Setup Fees: A one-time initial configuration and branding fee may apply for white-labeled portals.

Technical Requirements

The platform is a SaaS (Software as a Service) solution with minimal infrastructure impact:

  • Browser Compatibility: Fully supports modern browsers including Chrome, Edge, Safari, and Firefox.
  • Email Whitelisting: Requires the ability to whitelist specific IP addresses and domains in the organization’s email gateway (e.g., Mimecast, Proofpoint, or Microsoft Defender) to ensure phishing simulations are delivered.
  • Internet Access: Standard high-speed internet for video streaming (Vimeo/proprietary players).
  • Mobile Readiness: Portals are responsive and accessible via iOS and Android mobile devices for on-the-go learning.
  • No Local Installation: No agents or software need to be installed on local workstations.

Business Requirements

To successfully deploy Stickley on Security, organizations should meet the following prerequisites:

  • Stakeholder Buy-in: Leadership must view cybersecurity as a cultural priority rather than a checkbox exercise, as the platform works best when integrated into regular communication channels.
  • Marketing/Communications Alignment: Since the platform provides branded content, the internal marketing or comms team should be involved to ensure the "Stickley" content aligns with brand voice and distribution schedules.
  • Designated Administrator: While the platform is low-maintenance, a point person (typically in IT or Compliance) is needed to select monthly topics, review phish-test results, and manage user lists.
  • Training Culture: A willingness to move away from "once-a-year" training toward a "continuous micro-learning" model is essential for maximizing the ROI of the service.

Implementation Timeline

Implementation of Stickley on Security is typically rapid compared to enterprise ERP or CRM systems:

  • Phase 1: Discovery & Branding (Week 1): Initial kickoff call to define goals, provide brand assets (logos/colors) for the portal, and identify key target audiences (employees vs. customers).
  • Phase 2: Technical Setup & Whitelisting (Week 2): Configuring email servers to allow simulated phishing attacks and setting up SSO if applicable.
  • Phase 3: Content Selection & Integration (Week 3): Choosing the initial "Stickley" videos and articles to be featured on the organization's website or intranet.
  • Phase 4: Launch & Training (Week 4): Rolling out the first training module to employees and announcing the new security resources to customers.
  • Go-Live: Full platform access is usually achieved within 30 days of contract signing.

Support Options

Stickley on Security provides several layers of support to ensure client success:

  • Dedicated Account Management: Enterprise clients are often assigned a success manager to help with content strategy and campaign planning.
  • Technical Support: Help desk support is available via email and phone during standard business hours (typically Eastern Time).
  • Resource Library: A comprehensive knowledge base including "How-to" guides for whitelisting, SSO configuration, and portal customization.
  • Content Updates: Automatic delivery of new video and written content as part of the subscription, requiring no manual intervention from the client.
  • Professional Services: Available for organizations that require custom video production or specialized on-site speaking engagements with Jim Stickley.

Integration Requirements

Stickley on Security is designed to be "plug-and-play" with standard corporate infrastructure:

  • Web Integration: Provides easy-to-use scripts and widgets for embedding the "Stickley Security Center" directly into existing corporate websites or member portals.
  • Email Systems: Compatible with Microsoft 365, Google Workspace, and on-premise Exchange for the delivery of newsletters and phishing simulations.
  • Single Sign-On (SSO): Supports SAML 2.0 and other standard protocols to allow employees to access training modules without needing separate credentials.
  • LMS Compatibility: Content can often be exported or accessed in formats compatible with standard Learning Management Systems (SCORM/AICC) depending on the tier.
  • API Access: Limited API availability for reporting data to be pulled into centralized GRC (Governance, Risk, and Compliance) tools.

Security & Compliance

Stickley on Security is built to meet the high standards of the financial services industry:

  • SOC 2 Compliance: The platform typically maintains SOC 2 Type II certification to ensure data privacy and operational security.
  • Data Encryption: All data in transit is encrypted via TLS, and data at rest is protected using industry-standard AES-256 encryption.
  • Privacy Controls: Minimal Personally Identifiable Information (PII) is required for the platform to function, usually limited to employee names and work email addresses.
  • Audit Trails: Detailed logs are maintained for all administrative actions and user training completions.
  • Regulatory Alignment: Content is specifically mapped to help organizations meet requirements for FFIEC, NCUA, GLBA, and GDPR awareness training.


Considering Stickley on Security?

Independent. Vendor-funded. Expert-backed.

We'll help you evaluate Stickley on Security against alternatives, negotiate better terms, and ensure a successful implementation. Our advisory services are funded through the vendor ecosystem, at no cost to you.