Cybersecurity Training 🔐

Applying Learning Science to Mitigate Enterprise Risk

Compliance training is often viewed as a "check-the-box" activity. At Dataiku, existing training had high completion rates but zero correlation with reduced phishing clicks or improved reporting. I was tasked with moving the needle from passive awareness to active behavioral defense.

Cybersecurity Training Design

Research & Learning Science Approach

Instead of starting with content, I conducted a front-end analysis and thorough research on "security fatigue" and "social engineering."

The findings: Learners understood the rules but failed in the moment of stress.
The strategy: I reframed the solution around Cognitive Load Theory—reducing academic jargon and replacing it with high-stakes, rapid-decision-making simulations.
Stakeholder alignment: Partnered with IT and Trust & Safety to map training scenarios directly to real-world "high-risk" logs from the previous fiscal year.

Narrative Design: The "Impostor" Framework

To drive engagement, I leveraged gamification and narrative learning using an Among Us inspired theme.

The hook: A custom-animated video (After Effects) that established an emotional "need to know."
Why it works: By casting the learner as a "guardian" identifying "impostors," I utilized identity-based learning to increase personal accountability for data security.

The Solution: High-Fidelity Simulation

I developed a multi-modal experience using Articulate Storyline and the Adobe Creative Suite.

Dynamic simulations: I built 10 randomized scenarios where learners had to make real-time "keep or report" decisions. Instead of just a "wrong" screen, I used real-time feedback loops to explain the 'why' behind malicious links, essentially coaching the learner through the decision-making process as it happened.
Multimedia integration: Original graphics and animations ensured a cohesive cognitive environment, preventing the "distraction effect" common in stock-heavy corporate training.

Validation & User Experience

To ensure the "Among Us" mechanics translated into clear learning, I facilitated "think-aloud" protocols with an employee pilot group. Observing these real-time interactions allowed me to refine the interface and ensure that the narrative elements supported—rather than distracted from—the core instructional goals.

I developed a comprehensive framework to track success across three distinct metrics:

User sentiment: Shifted learner satisfaction from 40% to 92% by replacing standard compliance modules with an immersive, narrative-driven experience.
Skill acquisition: Drove a 54% improvement in threat detection accuracy during post-simulation assessments.
Behavioral change: Yielded a 15% increase in real-world phishing reports within 30 days of launch, as verified by IT threat telemetry.

Sustainability & Reinforcement

To combat the "forgetting curve," I integrated Mantra to send periodic, low-stakes phishing simulations to certified employees. This provided spaced repetition in the flow of work. I also established a biannual audit cycle, cross-referencing new IT threat logs to push rapid content updates, ensuring the simulation evolved alongside emerging security risks.