How is this different from buying a KnowBe4 license ourselves?

A platform license without managed delivery becomes a once-a-year compliance video. Anneal Tech runs the program: behavior baseline, campaign calendar, simulation design, training enrollment, escalations on repeat offenders, and executive reporting. The platform is the tool; the program is what creates the cultural change.

Which platforms does Anneal Tech support?

Anneal Tech is platform-neutral and works with the leading security awareness platforms in the market, including KnowBe4, Proofpoint, and Hoxhunt. Platform recommendation is based on the customer culture, risk profile, and existing investments, not vendor allegiance.

How long does it take to see measurable results?

Click rate improvement is typically visible within 60 to 90 days of an active program. Sustained cultural change takes longer, usually six to twelve months of consistent campaigns, escalation discipline, and visible executive support.

How does Anneal Tech handle repeat offenders?

Repeat offenders trigger escalating enrollment in targeted training, manager notification, and (where customer policy supports it) increased monitoring. Anneal Tech provides the data and the playbook; HR and IT leadership make the final policy decisions.

Does the program cover compliance training requirements?

Yes. The platforms Anneal Tech works with include LMS modules covering common compliance frameworks. Compliance is treated as a baseline outcome of running a real awareness program, not the primary framing of the engagement.

What does executive reporting look like?

Monthly leadership summary with risk score trend, click rate trend, top risk groups, and recommended next campaigns. Quarterly executive briefing covers cultural movement, repeat-offender patterns, and program adjustments. The reporting is designed for executives who do not want to read a 40-page security report.

Is this the same as Anneal Tech End User Training?

No, those are separate services. Security Awareness Training is focused on cyber risk and human behavior change. End User Training is technology and productivity training (Microsoft 365, collaboration tools, workflow adoption). Many customers use both.

Security Awareness Training

Name: Security Awareness Training
Brand: Anneal Tech

Anneal Tech's Security Awareness Training service turns users into the strongest layer of your defense through behavioral training and simulated phishing campaigns. The service operates as a managed program rather than a once a year compliance video, delivering monthly phishing simulations, role specific micro training, behavioral analytics, and executive dashboards designed to drive measurable improvement in user behavior over time. The program runs on KnowBe4 KSAT, Proofpoint PSAT, or Hoxhunt, deployed and operated by Anneal Tech as part of the service.

Why behavioral training matters

94 percent of successful cyberattacks begin with human error: clicks, attachments, and poor judgment. The only scalable solution is behavioral change. Most security awareness training is delivered as a once a year compliance checkbox. Users click through a video, take a quiz, and forget the content by the next morning. The result is a measurable gap between policy and behavior: users still click suspicious links, still hand over credentials to convincing impersonation, and still fall for the social engineering attacks that drive most ransomware incidents.

Behavioral training works differently. Short, frequent, role relevant exposure changes habits over time. Simulated phishing measures real behavior rather than self reported knowledge. Targeted remediation focuses effort where it matters most. Leadership engagement keeps the program credible. The result is measurable improvement in click rates, reporting rates, and the kind of incident outcomes that show up on cyber insurance claims data.

What is included

Phishing simulation - monthly campaigns calibrated to your industry threat profile and culture.
Role based training - micro training content matched to job function and risk exposure.
Behavioral analytics - measurement of click rates, reporting rates, and remediation outcomes.
Leadership engagement - executive briefings and visibility tools that keep the program credible.
Industry compliance content - training mapped to HIPAA, SOX, GDPR, CCPA, and other applicable frameworks.
Managed program management - campaign calendar, content selection, and remediation routing owned by Anneal Tech.
Phishing campaign calendar design - varied scenarios timed to keep the program effective without becoming predictable.
Micro training copywriting and LMS setup - content tailored to your environment.
Departmental culture analysis - understanding of how different teams respond to phishing simulations.
CISO dashboard reporting - board ready visibility on behavioral metrics.
Automated rule creation and SCIM provisioning - integration with your identity platform.

Platforms we support

KnowBe4 KSAT - the world's largest security awareness training platform with comprehensive phishing simulation and a deep content library.
Proofpoint PSAT - enterprise grade threat intelligence platform with targeted attack simulations grounded in real threat data.
Hoxhunt - next generation gamified security awareness solution with adaptive AI based training tailored to individual user behavior.

How the program runs

Baseline assessment establishes current behavior with an unannounced phishing campaign that measures click rate and reporting rate before any training. Platform selection chooses the platform that fits your culture, industry, and budget. Monthly campaigns run on a varied calendar with realistic scenarios calibrated to your threat profile. Behavioral analytics track click rates, reporting rates, time to report, and remediation outcomes. Targeted remediation routes repeat clickers into additional training. Quarterly business reviews translate behavioral data into strategy conversations with leadership and confirm program direction.

What you receive

Baseline assessment - initial click rate and reporting rate measurement.
Custom content library - role specific training mapped to your industry.
Monthly simulations - varied phishing campaigns calibrated to current threats.
Targeted remediation - additional training routed to repeat clickers.
Executive dashboards - board ready reporting on behavioral metrics and trend.
Quarterly business review - facilitated leadership conversation covering program health and roadmap.
Compliance evidence - logged training completion suitable for audit and insurance.

Who security awareness training is for

Organizations required to demonstrate security awareness training for cyber insurance underwriting. Regulated industries with HIPAA, SOX, GDPR, or CCPA training requirements. Businesses that have experienced a phishing incident and want to harden behavior across the user base. Organizations that have a training platform but no one running the program. Leadership teams committed to behavior change as part of the security program.

Frequently asked questions

Do you use real company emails or generic phishing templates?

We customize email templates to your industry and company context. Most campaigns appear to come from internal senders or trusted vendors.

What happens if users fail a phishing test?

Failed users receive immediate, targeted training modules aligned to the attack vector they fell for. No shame; just targeted learning.

Can we exclude certain users from phishing simulations?

Yes. Executives, board members, and sensitive roles can be opted out. We do recommend everyone participates for equal awareness.

How often should we run phishing campaigns?

Monthly is standard. Some organizations run weekly for the first few months to build habit, then taper to monthly or quarterly.

Does this integrate with our LMS or HRIS?

Yes. We can push training to your existing learning platform or pull user rosters from your identity provider or HRIS.

What industries do you specialize in?

We have pre-built content libraries for legal, healthcare, finance, accounting, tax, and bookkeeping firms. Custom content is available for others.

Is this GDPR or CCPA compliant?

Yes. All user data is encrypted at rest and in transit. We comply with GDPR, CCPA, and industry-specific data handling rules.

What if a user repeatedly fails simulations?

We flag at-risk users in executive dashboards. You can assign additional coaching or consider it a signal for team or role reassessment.

Engagement model and program integration

Security Awareness Training is delivered on a per user, per month subscription with no per simulation fees and no per course charges. Onboarding sets up your tenant, integrates with Microsoft 365 or Google Workspace identity, deploys the Phish Alert button to mailboxes, and establishes a baseline phishing simulation against your team. From there the program runs on a monthly cadence: one simulation per user per month, one micro learning module per user per month, and a quarterly report showing click rate and report rate trends over time.

The program is operated, not just licensed. Anneal Tech engineers configure the simulation templates, schedule the campaigns, route Phish Alert reports to the SOC for triage, and handle the just in time training that follows a failed simulation. The work that normally falls on an internal security champion is owned by us, which is the difference between a training platform that gets switched on and a training program that actually changes behavior. Quarterly reviews translate the metrics into a roadmap for the next quarter of campaigns.

Security Awareness Training is included at no additional cost in Security Core Complete and in Solution Packages tiers that include cybersecurity. For organizations that do not need managed cybersecurity, the standalone program still produces the compliance evidence required by SOC 2, HIPAA, FTC Safeguards, and most cyber insurance carriers. The reports are accepted at underwriting and audit time without translation.

Why Anneal Tech

Anneal Tech operates Security Core and Incident Response in production for organizations across regulated industries. The training program is grounded in the threats your environment actually faces rather than generic content, and the same team running detection and response informs the campaign calendar.

Contact Anneal Tech or book a security awareness training scoping call. Call 512-593-8001.