Security Awareness & Training

Kevin Mitnick Security Awareness Training

Old school Security Awareness Training doesn’t hack it anymore. Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks.



Baseline Testing
We provide baseline testing to assess the Phish-prone percentage of your users through a free simulated phishing attack.


Train Your Users
The world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.


Phish Your Users
Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.

See The Results
Enterprise-strength reporting, showing stats and graphs for both security awareness training and phishing, ready for management.



Unlimited Use

We offer three Training Access Levels: I, II, and III, giving you access to our content library of 1000+ items based on your subscription level. Unlimited access to all phishing features.


Smart Groups

With the powerful new Smart Groups feature, you can use each employees’ behavior and user attributes to tailor phishing campaigns, training assignments, remedial learning, and reporting.


Custom Phishing & Landing Pages

Apart from the existing templates, you can customize scenarios based on personal information, creating targeted spear phishing campaigns. Each Phishing Template can also have its own Custom Landing Page, which allows for point-of-failure education and specifically phish for sensitive information.


Simulated Attachments

Your customized Phishing Templates can also include simulated attachments in the following formats: Word, Excel, PowerPoint and PDF, (also zipped versions of these files).


Advanced Reporting

You’ll see reporting for training and phishing campaigns as well as a general overview of your last 5 campaigns. With 60+ built-in reports, you get insights that provide a holistic view of your entire organization with instant detailed reporting on key awareness training indicators.


Risk Scoring

The new innovative Virtual Risk Officer functionality helps you monitor where you stand over time showing you the Risk Score by employee, group, and your whole organization.

Your Complete Security Awareness Training Program

More than ever, your users are the weak link in your network security. They need to be trained by an expert like Kevin Mitnick, and after the training stay on their toes, keeping security top of mind.

KnowBe4 is the world’s largest integrated Security Awareness Training and Simulated Phishing platform with over 40,000+ customers. Based on Kevin’s 30+ year unique first-hand hacking experience, you now have a platform to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks.

With world-class, user-friendly new-school Security Awareness Training, KnowBe4 gives you self-service enrollment, and both pre-and post-training phishing security tests that show you the percentage of end-users that are Phish-prone. KnowBe4’s highly effective, frequent, random Phishing Security Tests provide several remedial options in case an employee falls for a simulated phishing attack.

Gauge the security awareness proficiency of your users and measure your organization’s overall security culture posture with KnowBe4 Assessments. These two science-based assessments help you tailor training to address proficiency gaps and weaknesses, as well as monitor the impact your security awareness training program has on improving your users’ knowledge and sentiment to security awareness over time.

With both the Security Awareness Proficiency Assessment (SAPA) and Security Culture Survey (SCS) Benchmarking features, you can compare your organization’s security awareness proficiency scores with other companies in your industry. Get a firsthand look at how your organization stacks up across the seven security knowledge areas and seven dimensions of security culture from your baseline assessment and survey as well as monitor your organization’s ongoing improvement.

With the revamped end-user security awareness training interface, your users get a fresh new learner experience that makes learning fun and engaging. KnowBe4’s localized training interface is available in multiple languages, giving your users the option to choose the language they’re most comfortable with for an immersive training experience. With the optional customization features to enable gamification, your users can compete against their peers on leaderboards and earn badges while learning how to keep your organization safe from cyber attacks.

Want to supplement your KnowBe4 security awareness training content with your organization’s custom training or other corporate training content? Now you can! Upload your own SCORM-compliant training and video content and manage it alongside your KnowBe4 ModStore training content all in one place. You just got your very own mini-Learning Management System!

With the new Virtual Risk Officer and Advanced Reporting features, you can start to identify risk at the user, group, and organizational level that helps you make data-driven decisions when it comes to your security awareness plan. You see next-level-reporting for simulated phishing and security awareness training campaigns that help you measure the effectiveness of your security awareness training program.

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization. We’ve taken away all the guesswork with our Automated Security Awareness Program (ASAP). ASAP allows you to create a customized program for your organization that helps you implement all the steps to create a complete security awareness training program in just a few minutes!

Training Access Levels

KnowBe4 gives you the world’s largest library with 1000+ items of security awareness training content; including interactive modules, videos, games, posters and newsletters.We offer three Training Access Levels: I, II, and III, giving you access to our “always-fresh” content library based on your subscription level. You will get web-based, on-demand, engaging training that addresses the needs of any organization whether you have 50, 500 or 5,000 users.

Kevin Mitnick Security Awareness Training specializes in making sure employees understand the mechanisms of spam, phishing, spear phishing, malware and social engineering; and are able to apply this knowledge in their day-to-day job.

Trainees get unique job-aids: Social Engineering Red Flags™ with 22 things to watch out for in email, and 20 ways to block Mobile Attacks (PDF).  The Training Campaigns do the heavy lifting of getting your users through their training.

Our 5,- 15-, 25- and 45-minute basic training modules specialize in making sure employees understand the mechanisms of spam, phishing, spear phishing, malware, ransomware and social engineering, and are able to apply this knowledge in their day-to-day job. For your compliance training needs, the Compliance Plus training library is also available as an optional add-on to any Training Access Level.

You get high quality web-based interactive security awareness training combined with common traps, live demonstration videos, short comprehension tests and scenario-based Danger Zone exercises with a variety of translated content available in over 30 languages.


You can schedule regular Phishing Security Tests (PST for short) from our large library of more than 10,000 “known-to-work” templates, choose from the community templates section, which were created by admins for admins to share with their peers. You can also create your own custom phishing templates. There are many more features!


The Industry Benchmarking feature lets you compare your organization’s Phish-prone percentage™ with other companies in your industry. See where you stack up! Monitor your employee phish-prone percentages over time and watch how performance from your initial baseline phishing test, after 90 days, and 1 year compares. With regular phishing security tests and security awareness training campaigns, you’ll see how your Human Firewall improves over time helping to reduce risk and improve your IT security defense. You’ll have real-time stats that helps you keep a pulse on how your security awareness program and employees stack up against other companies in your industry. Great intel to share with your management team!

Our Phishing Reply Tracking allows you to track if a user replies to a simulated phishing email and can capture the information sent in the reply. You can also track links clicked by users as well as test and track if users are opening Office attachments and then enabling macros.

In case an employee falls for one of these simulated phishing attacks, you have several options for correction, including instant remedial online training. You can schedule one-shot, weekly, bi-weekly or monthly simulated phishing attacks and immediately see which employees fall for these social engineering attacks. Here is some visible proof the training works over a 12-month period.

In addition, KnowBe4’s no-charge  Phish Alert Button reinforces your organization’s security culture, users can report suspicious emails with one click.

  • When the user clicks the Phish Alert button on a simulated phishing email it’s reported in the Admin Console.
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”.
  • Your employee gets instant feedback, which reinforces their training
  • Now also supports Outlook Mobile!

Advanced Phishing Features

PhishER™ is your lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate your threat response and manage the high volume of potentially malicious messages reported by your users. Emails can be reported through the KnowBe4 Phish Alert Button or simply by forwarding to a mailbox. With automatic prioritization for emails, PhishER helps your InfoSec and Security Operations team cut through the inbox noise and respond to the most dangerous threats more quickly. Available as an optional add-on across all subscription levels. 


Phishing Reply Tracking™ allows you to track if a user replies to a simulated phishing email and can capture the information sent in the reply. This feature works hand-in-hand with the simulated CEO Fraud attacks you can launch to inoculate high-risk employees.

Social Engineering Indicators™ (SEI) patented technology, turns every simulated phishing email into a tool IT can use to instantly train employees. When a user clicks on any of the 8,000+ KnowBe4 simulated phishing emails, they are routed to a landing page that includes a dynamic copy of that phishing email showing all the red flags. You can also customize any simulated phishing email and create your own red flags. Users can then immediately see the potential pitfalls and learn to spot the indicators they missed in the future.

USB Drive Test™ allows you to test your user’s reactions to unknown USBs, on average 45% of users will plug in USBs they find! You can download a special, “beaconized” Microsoft Office file from your KnowBe4 admin console onto any USB drive which you can drop at an on-site high traffic area. If an employee picks up the USB drive, plugs it in their workstation, and opens the file, it will “call home” and report the fail. Should a user also enable the macros in the file, then additional data is also tracked and made available in the admin console.

GEO-location lets you see where your simulated phishing attack failures are on a map, with drilldown capability and CSV-export options.

Vishing Security Tests using IVR attacks over phone (Gold level on up). Supports US and International, both pre-recorded messages and text-to-speech campaigns using system templates or admin-customized templates. 

User Management and Reporting


Smart Groups
Automate the path your employees take to smarter security decisions. With the powerful new Smart Groups feature, you can use each employees’ behavior and user attributes to tailor phishing campaigns, training assignments, remedial learning and reporting.

You can now create “set-it-and-forget-it” simulated phishing and security awareness training campaigns so you can instantly respond to any phishing clicks with remedial training or have new employees automatically notified of onboarding training, and much more. The “Incremental Phishing with Smart Groups” video has been published in the Help Center. Here is the link.

Easy User Management
As the Security Awareness Training project leader, KnowBe4’s Active Directory Integration allows you to easily upload user data and saves you time by eliminating the need to manually manage user changes. Once the ADI is configured, users will be added, changed and archived in sync with changes made within AD automatically. You can also upload users with CSV files.

Security Roles allows you to assign granular access control for users and groups within the KnowBe4 console. Create custom permissions for the exact roles needed by your organization. Easily allow groups like HR teams to access reporting only to review individual user results or employees with creative control to create phishing templates and landing pages.

Enterprise-strength Reporting
You also get enterprise-strength reporting with the Virtual Risk Officer and Advanced Reporting features that gives you actionable metrics on your security awareness program. Executives get the insight they need to maximize security awareness training ROI and track security compliance. The Admin Console provides instant graphs of training effectiveness. You can also leverage KnowBe4’s Reporting APIs for custom reports and dashboards that integrate with other business systems to showcase your security awareness program statistics. If you manage multiple KnowBe4 accounts, Roll-up Reporting makes it easy to select reports and compare results in aggregate across accounts or multi-location offices.