I was mainly doing the awareness training and awareness module of SecurityCoach. I have used it twice in two companies for a longer period of time. I was the lead to get the tool deployed in the organization and then worked on the security and awareness module of it.

With this module of SecurityCoach, we used to do our phishing campaign and training campaign. We had a proper training planner generated at the start of the year with quarterly phishing awareness planned. We rolled out those trainings through SecurityCoach around the organization, and once we identified people who were phished or clicked on the link, we trained them. The training was also rolled out through SecurityCoach. It's a video-based training with a proper library available that has substantial content and videos. We trained them through these video modules. We asked them to watch these modules, which ranged from two to five minutes - short video clips to make them aware that they had been phished, clicked on a link, and this was the message we wanted to deliver to our audience or employees.

It has reduced our number of people who have been phished. When we pushed trainings through SecurityCoach, we saw a good number of people who were not being phished or who were more aware. People particularly enjoyed the security games present in SecurityCoach library.

During our awareness month in my previous organization, we pushed these short games to our employees, and we received a good response. Overall, through SecurityCoach, it was a great fun and learning experience for the employees.

In both organizations where I used it, it introduced the concept of security awareness, demonstrating why security awareness is important and delivering the message to non-technical people as well. SecurityCoach is designed to teach from scratch. It made learning an easy and fun experience for everyone. It helped us reduce our phishing numbers and incidents as people became more aware of security incidents and their security responsibilities. We noticed fewer human errors and incidents triggered by humans.

It is easy to use, making it accessible for someone from a non-technical background to adapt to it easily. The UI interface is easy and flexible. The learning content SecurityCoach offers is extensive, with substantial content available. It also offers flexibility - if we don't want SecurityCoach videos published to our audience, we can have our own organization-generated videos pushed through SecurityCoach. The key features are the UI interface, extensive content library, and flexibility.

Regarding analytics and dashboard functionality, it was somewhat beneficial. It provides insight into campaign metrics, showing numbers of people who were phished, clicked on links, or avoided phishing attempts. However, it doesn't provide a complete picture of insights. When running campaigns, I had to download the data from SecurityCoach and present it manually in dashboards through Power BI or Excel sheets. The data analysis and reporting aspects could be improved to provide better insights.

We encountered an issue during a phishing campaign where there was downtime from SecurityCoach's end, which delayed our scheduled campaign. After contacting technical support, we learned about their status page where we could check scheduled downtimes, bug fixes, and patches. They helped us proceed with our phishing campaign once the solution was operational.

The modules tested were good, though they could add advanced features. The main area for improvement remains the dashboarding capabilities. Apart from that, there aren't significant areas requiring improvement.

I have been engaged with SecurityCoach for around 2.5 years. I used it in my previous organization and even before that, accumulating approximately two to 2.5 years of experience using SecurityCoach.

It was quite easy to set up with the SecurityCoach team collaborating with us. Setting up the environment, deploying the tool, and starting operations was seamless because the team was there to guide us. The process is very straightforward and accessible even for non-technical persons.

The integration capabilities are quite good as it has completely integrated into our organization. We configured the emails being pushed from SecurityCoach to our email mailbox, including training emails and phishing emails. SecurityCoach can easily be integrated into JumpCloud or any single sign-on mechanism running in the organization. Users can easily sign in to SecurityCoach just as they sign into other organizational apps.

The team is excellent. Their support department operates through a ticketing system, and whenever we faced an issue with the tool, we emailed them. They are quite responsive and try to resolve issues as quickly as possible. The team is really good and helpful.

Positive

I don't recall the exact numbers involved in licensing, but it was cost-effective and provided good return on investment. This is evidenced by the fact that it continues to be used in the organization even after my departure. If it wasn't providing the best investment, it would have been discontinued.

In both organizations, which had around 1,000 employees each, we had licenses for approximately 1,000 employees. One organization acquired them from their parent company and the other acquired from a local vendor.

I would recommend others to definitely go for it. If this is the first learning tool or security awareness tool being deployed in your organization, then SecurityCoach should be considered because it has great content, it is easy, and it is fun. On a scale of 1-10, I rate SecurityCoach a 9.