Free Kit · Lead Magnet #20

Run Your 30-Day Security Sprint — Free Tracker

The facilitated awareness program your team can complete in 5 minutes a day. Pre-sprint checklist, 4-week module calendar, daily activity cards, KPI scorecard, and compliance evidence templates — all in one 12-page kit.

82% of breaches involve the human element (Verizon DBIR 2024)

14× ROI on security awareness training investment (SANS 2023)

4 weeks to measurable phishing click-rate improvement

Compliance evidence for: HIPAA §164.308(a)(5), SOC 2 CC1.4, NIST CSF PR.AT-1, ISO 27001 Annex A 6.3

What's Inside the 12-Page Kit

Everything you need to plan, run, and document a 30-day security awareness sprint — from pre-launch to post-sprint compliance evidence.

Page 3

Pre-Sprint Readiness Checklist

12 items to complete before Day 1: exec sponsor, kickoff email, delivery method, baseline phishing simulation, compliance mapping, and LMS setup.

Page 4

4-Week Module Calendar

Week-by-week grid: Phishing & Email Threats, Password Hygiene & MFA, Social Engineering & Vishing, Incident Reporting & Response.

Pages 5–8

Week-by-Week Activity Cards

Day-by-day activity cards for all 4 weeks: 5-minute daily tasks, facilitator talking points, real breach anchors (MGM, Change Healthcare, Caesars, IBM MTTD).

Page 9

Employee Completion Tracker

Printable table: employee name, department, per-week completion checkboxes, pre/post quiz scores, and overall pass/fail. Audit-ready format.

Page 10

Manager KPI Scorecard

6 KPI cards with RAG thresholds: module completion rate, phishing click-rate delta, quiz score improvement, MFA adoption, incident reports submitted, time-to-report.

Page 11

Compliance Evidence Templates

Crosswalk table mapping each sprint module to HIPAA §164.308(a)(5), SOC 2 CC1.4+CC2.2, NIST CSF PR.AT-1+PR.AT-2, and ISO 27001 Annex A 6.3 with evidence artifact types.

4-Week Sprint Modules

Each week targets one threat domain with daily 5-minute activities and a 30-minute Friday debrief. Total employee time commitment: ~55 minutes over 30 days.

Week 1

Phishing & Email Threats

SLAM method, live phishing simulation, simulation debrief, team quiz. Breach anchor: MGM Resorts ($100M+ vishing attack that started with a single LinkedIn search and a phone call to IT helpdesk).

Week 2

Password Hygiene & MFA

Password audit self-assessment, MFA enrollment drive, password manager demo, IT helpdesk hardening. Breach anchor: Change Healthcare ($22M ransom, no MFA on the compromised Citrix account).

Week 3

Social Engineering & Vishing

Vishing audio example, pretexting scenarios, role-play drill, call-back verification policy sign-off. Breach anchor: Caesars Entertainment ($15M vishing, 65M loyalty PII exposed).

Week 4

Incident Reporting & Response

What-to-report training, channel verification, tabletop exercise, notification timeline review, sprint wrap-up + post-assessment. Breach anchor: IBM 2024 — 194-day average breach detection time.

Download Your Free Sprint Tracker

Enter your details below and we'll send you the full 12-page facilitator kit instantly. No credit card. No commitment.


Related Free Tools

Pair your sprint with these tools for maximum impact.

Free Tool

Tabletop Exercise Facilitator Pack

6 scenarios (ransomware, BEC, insider threat, vendor compromise, vishing, data breach). Perfect for Week 4 Day 3 of your sprint.

Free Tool

Phishing IQ Quiz

15-question quiz (BEC, smishing, deepfake voice, OAuth consent grant). Use for pre- and post-sprint baseline measurement.

Free Tool

Domain Security Scanner

Scan SPF, DMARC, DKIM, DNSSEC. Get a 0–100 score and fix steps. Use results as a Week 1 Day 4 debrief anchor.

Free Tool

Incident Response Plan Template

12-page fillable IR Plan with roles matrix, severity classification, and regulator notification timelines — perfect complement to Week 4.


Your team is one phishing email away from a breach.

A single 60-minute training session can change that. Book today — sessions from $150.


Personal · Executive · Business tiers · Satisfaction guaranteed