Information Security.
A complete redesign of Places for People's information security training, built on the principle that training effectiveness comes from authenticity, not abstraction. The new pathway used real phishing emails, live vishing scenarios, and peer testimony to shift learner behaviour and embed compliance as a lived practice rather than a compliance checkbox.
coverage &
real scenarios
The Challenge.
The existing information security training was haemorrhaging learners before completion. The interface was clunky, but the root problem ran deeper: the training felt removed from actual risk. Employees were learning about security in the abstract when what they needed was to experience it as real. The challenge was to rebuild the entire pathway around authenticity, ensuring compliance training felt consequential without becoming punitive.
Completion Collapse
The original course suffered from poor learner engagement and high dropout rates. The navigation interface was part of the problem, but the bigger issue was learner motivation. If security training felt disconnected from real threats, why would people prioritise it?
Behaviour, Not Just Knowledge
Compliance training often stops at knowledge transmission: "learners will know how to spot phishing." The actual challenge was behaviour change: getting people to act differently when faced with real threats in their inbox or on the phone.
Methodology.
The redesign pivoted on a single insight: authenticity drives engagement and behaviour change. Every element of the pathway was built to feel grounded in real threat scenarios, real consequences, and real human experience. This demanded a complete rebuild of structure, interaction design, and assessment logic.
- Step 01
Threat-Led Design
Mapped actual security threats that Places for People employees faced daily, then built learning modules directly around those scenarios rather than generic security principles.
- Step 02
Real Asset Integration
Sourced an actual phishing email from Places for People's own security systems, recorded a genuine vishing call scenario, and conducted an internal interview with a phishing victim to anchor learning in lived experience.
- Step 03
Gamification Architecture
Designed a points, badges, and leaderboard system that made progress visible and created low-stakes competition, keeping learners motivated across the full pathway.
- Step 04
Multimodal-First Design
Built accessibility into the interaction design from day one, not as a post-launch addition. Every audio element was transcribed, every visual concept had text equivalent, ensuring full inclusivity by design.
- Step 05
Microlearning Sequencing
Structured modules to stay under 15 minutes each, breaking complex security concepts into digestible chunks that respect learner time and attention.
- Step 06
Rigorous Testing & Deployment
Ran extensive User Acceptance Testing before launch to verify branching logic, gamification tracking, and SCORM compliance. The course deployed to Places for People's LMS with confidence in every interaction.
The Approach.
The pathway breaks into six distinct modules, each designed to shift learner confidence and behaviour incrementally. The gamified journey sets the tone; the phishing and vishing simulations provide visceral learning moments; the microlearning keeps pace alive; and the human interview at the end reframes security as something that matters to real colleagues.
- Gamified Progression
Points, badges, and a leaderboard make the learning journey feel consequential from the first screen. Progress is visible and celebrated, shifting security training from obligation to engagement.
- Immersive Threat Scenarios
Real phishing emails and vishing calls embedded directly into the course remove the abstraction. Learners must identify, analyse, and respond to actual threats, building muscle memory for real incidents.
- Humanised Stakes
The course closes with a real interview from a colleague who experienced phishing firsthand. This pivots the narrative from "follow the rules" to "this matters because it happened to someone you know."
- Accessible by Default
Full transcription of all audio, clean navigation, and multimodal design ensure the course is usable for all learners from day one. Accessibility is not a feature; it is foundational.
The Impact.
The redesigned pathway delivered measurable shifts in both learner behaviour and compliance outcomes. Completion rates rose, learners finished faster, and satisfaction scores reached 4.6 stars. Most importantly, security incident reporting increased by 16%, signalling that the training had achieved its true goal: employees were more alert to threats and more willing to flag them.