Training & Awareness — Flagship Service

Security Awareness Training — Workshops

Live workshops on phishing, social engineering, password hygiene, and safe data handling — demonstrated by the same team that runs the pen tests. Measurable behaviour change, not another annual slideshow.

AED 8,000 – 25,000 CEH · OSCP · GRC Mastery 90 min – 1 day formats
Book a 30-min Scoping Call →
Book a 30-min Scoping Call →
Jump to FAQ

What it is

A live, demonstration-driven security awareness workshop series — delivered in-person, virtual, or hybrid. We cover the attack techniques your employees actually face: phishing, vishing, smishing, credential harvesting, business-email compromise, physical social engineering, and data-handling mistakes.

What makes it stick is the live demos. Your employees watch a pen-tester spoof a Wi-Fi network, walk through a phishing kit, and demonstrate how a convincing pretext call unfolds. They leave with an intuition — not a compliance certificate.

Pair with our Phishing Simulation service to measure real behaviour change across 30 / 60 / 90-day windows. Workshop + sim together is the model most clients choose.

What this is not

Not a click-through e-learning module. Live workshops with real demos.
Not a 3-hour generic slideshow. Role-specific, attack-focused, tightly timed.
Not delivered by career trainers. Pen-testers deliver the training, because they can demonstrate what they're warning against.
Not a compliance checkbox. It satisfies ISO 27001 / NESA / PDPL training requirements — but that's a side effect, not the goal.

Who this is for

1
You had a phishing incident or near-miss and need to show the board you've responded.
2
You're preparing for ISO 27001 / NESA / PDPL audit and need evidence of security awareness training.
3
Your annual training click rates on phishing sims haven't moved despite years of e-learning.
4
You're onboarding a new cohort (growing team, M&A, new office) and want them calibrated early.
5
Your finance or executive teams are high-value targets and generic training isn't cutting it.

What you get

  • Tailored workshop design — content calibrated to your sector, risk profile, and team roles.
  • Live delivery — classroom, virtual, or hybrid. 90 minutes standard; 45-min exec briefing and 1-day intensive available.
  • Live demonstrations — Wi-Fi spoofing, phishing kit walkthrough, credential harvesting, pretext call flow (all in controlled scenarios).
  • Role-tiered content — executives, finance, developers, general employees each get targeted modules.
  • Attendance records and session summary — useful as compliance evidence.
  • Reinforcement assets — printable quick-reference card, 6 pre-built phishing-sim scenarios for the 90 days post-workshop, manager conversation guide.
  • Q&A themes report — what your team asked, what they misunderstood, and what to prioritise in future training.

How we deliver

01
Scoping & tailoring
1 week before delivery
60-minute call to understand your risk profile, recent incidents, team composition, and goals. Content tailored accordingly.
02
Optional: baseline phishing sim
Week prior (add-on)
Run a pre-workshop phishing simulation to capture baseline click rate. Referenced live during the session.
03
Workshop delivery
90 min – 1 day
Live session with demos, discussion, and role-specific content. In-person, virtual, or hybrid.
04
Summary & assets handover
Within 3 days post-workshop
Attendance records, Q&A themes, reinforcement assets, and a short exec summary delivered.
05
Optional: follow-up sims
30 / 60 / 90 days
Phishing sim waves to measure behaviour change. Before/after click-rate report for the board.

Pricing

Published range

AED 8k – 25k

Per program. Single-session 90-min workshop starts at AED 8k; multi-wave role-tiered program for large populations up to AED 25k.

What drives the price:

  • Number of sessions / waves
  • Population size
  • Role tiering (general vs. exec + finance + dev)
  • In-person vs. virtual (travel)
  • Add-on: phishing simulation bundle

Commercial terms

  • Deposit: 50% at signing (smaller engagement)
  • Net terms: Net-30
  • Quote validity: 30 days
  • Delivery lead time: 2 – 3 weeks typical
  • Annual repeat: 15% returning-client discount

Your cert-backed team

Lead Trainer & Pen-Tester

Nelson Durairaj

OSCP · eJPT · CEH · BlackHat Linux · HTB Omniscient

Focus: Live attack demonstrations (Wi-Fi spoof, phishing kit, credential harvest), real-incident case studies, technical Q&A.

Supervising Practitioner

Manoj Prabhakaran

CPTS · CDSA · ISO 27001 Lead Auditor · GRC Mastery

Focus: Executive briefings, compliance-context framing (ISO 27001 / NESA / PDPL), manager-level discussions.

Frequently asked questions

Is this classroom or virtual?

Both. We deliver in-person classroom sessions at your UAE office, remote live virtual sessions via your preferred platform (Teams, Zoom, Webex), or hybrid. Most clients run a mix — live in-person for executive and high-risk teams, virtual live for larger population waves.

What language do you deliver in?

English today. Arabic-language delivery is on the 2027 roadmap with a named Arabic-speaking trainer; until then we can provide Arabic-translated slide decks for offline reinforcement.

How long is a workshop?

Standard format is 90 minutes per session. Executive briefings compress to 45 minutes. Full-day intensive available for security champions or IT teams (6 hours with breaks).

How is this different from an e-learning platform?

E-learning is click-through at scale and mostly forgotten within a week. Our workshops are live, demonstration-driven, and role-specific. Attendees remember the Wi-Fi spoof we ran in front of them — they don't remember slide 47 of a Learn-Management module. We're launching our own E-learning platform in 2027 to complement the workshops.

Do you combine this with phishing simulation?

Yes — that's the recommended model. Run a baseline phishing sim before training, deliver the workshop, run follow-up sims at 30 / 60 / 90 days. You get measurable click-rate change, not a feeling.

Who attends?

The workshop is designed for general staff but can be tailored. We often run 3 – 4 tiers: general employees, finance team (wire fraud focus), developers (secure coding awareness), and executives (whaling, board-level cyber).

Can you handle large populations?

Yes. We run wave-based delivery for organisations of 200 – 2,000+ staff. Each wave is 20 – 40 attendees for interaction quality. For 500+ populations a blended model (workshops + company-wide video + phishing sim) gives better coverage.

What do I get after the workshop?

A summary report of topics covered, attendance records (for compliance evidence), Q&A themes that surfaced, and a set of reinforcement assets: printable quick-reference card, 6 short phishing sim scenarios for the 90 days that follow, and manager conversation guide.

You might also need

Phishing Simulation

The measurement layer for awareness training. Before/after sims produce real behaviour-change data.

Contact to scope

Tabletop Incident Response Exercise

Test your team's response plan against a simulated incident — the best complement to awareness training.

Contact to scope

ISO 27001 Implementation

ISO 27001 requires documented awareness training — this satisfies it.

Read full details

Network Penetration Testing

Pair technical testing with human-layer testing for full picture of risk.

Read full details

Tired of annual training that doesn't change click rates?

Book a 30-minute scoping call. We can typically schedule workshops within 2 – 3 weeks. Written quote within 48 hours.

Book a Scoping Call →
Book a Scoping Call →