Human Firewall: Security Awareness Course Syllabus

4-Week Comprehensive Program

Modified: July 1, 2025

Course Syllabus: Human Firewall: Security Awareness

Course Information

Course Title: Human Firewall: Security Awareness
Duration: 4 Weeks
Level: All Levels (No technical prerequisites)
Next Start Date: August 15th, 2025
Format Options: Instructor-Led Online, Self-Paced, In-Person Workshops

Course Description

This comprehensive course focuses on building strong security awareness within organizations, recognizing that people are both the strongest and weakest links in the security chain. Through a blend of behavioral psychology, practical security knowledge, and program development techniques, participants will learn how to foster a security-conscious culture and implement effective awareness initiatives. The curriculum balances understanding human factors in security with practical skills for recognizing threats and building organizational resilience through people-centered approaches.

Prerequisites

  • No technical prerequisites
  • Suitable for all organizational roles and levels
  • Basic computer literacy
  • Interest in improving security posture through people-focused approaches
  • Computer with internet access

Learning Outcomes

By the end of this course, students will be able to:

  1. Explain how human behavior impacts security and identify common psychological factors
  2. Recognize and respond appropriately to social engineering attacks including phishing
  3. Implement strong personal security practices across devices and environments
  4. Design, implement, and measure effective security awareness programs
  5. Develop engaging security communications and training materials
  6. Foster a positive security culture within organizations
  7. Effectively involve employees in the incident response process
  8. Measure the impact and ROI of security awareness initiatives

Course Structure

Week 1: Security Awareness Fundamentals & Social Engineering Basics

Day 1-2: The Human Element in Security

  • The dual role of humans in security: vulnerability and strength
  • Psychology of security decisions:
    • Cognitive biases affecting security behavior
    • Risk perception and decision-making
    • Motivation and behavior change models
  • Current threat landscape focusing on human-targeted attacks
  • Building security awareness vs. building security culture

Day 3-5: Introduction to Social Engineering

  • Social engineering fundamentals and attack cycle
  • Psychological triggers used by attackers:
    • Authority
    • Scarcity/urgency
    • Social proof
    • Familiarity/liking
    • Reciprocity
    • Fear
  • Common social engineering attack vectors
  • Basic phishing awareness:
    • Identifying suspicious emails
    • Common red flags and indicators
    • Safe email practices
  • Practical exercises in phishing identification
  • Lab: Analysis of real-world social engineering examples

Week 2: Advanced Social Engineering Defense & Personal Security Practices

Day 1-2: Advanced Phishing and Social Engineering

  • Sophisticated phishing tactics:
    • Spear phishing
    • Whaling/executive targeting
    • Business email compromise (BEC)
    • Clone phishing
  • Other social engineering channels:
    • Vishing (voice phishing)
    • Smishing (SMS phishing)
    • Social media manipulation
    • QR code phishing
  • Practical defense strategies and exercises
  • Building effective reporting mechanisms
  • Lab: Interactive phishing simulation exercises

Day 3-5: Personal Security Best Practices

  • Password management principles:
    • Creating strong passwords
    • Password managers
    • Password policies that work
  • Multi-factor authentication:
    • Types and security levels
    • Implementation considerations
    • User experience factors
  • Safe browsing habits:
    • Recognizing malicious websites
    • Browser security settings
    • Safe download practices
  • Mobile device security:
    • App permissions and security
    • BYOD considerations
    • Mobile-specific threats
  • Remote work security:
    • Securing home networks
    • VPN usage
    • Public Wi-Fi dangers
  • Physical security awareness:
    • Tailgating prevention
    • Clean desk policies
    • Shoulder surfing defense
  • Lab: Security checkup of personal devices and accounts

Week 3: Security Awareness Program Development

Day 1-2: Program Foundations

  • Security awareness program frameworks and models
  • Program governance and stakeholder engagement
  • Conducting a needs assessment:
    • Identifying organizational risks and gaps
    • Compliance requirements
    • Baseline knowledge assessment
  • Audience analysis and segmentation
  • Setting goals and defining success metrics
  • Resource planning and budgeting
  • Lab: Creating a program charter and roadmap

Day 3-5: Content Development and Delivery

  • Learning principles for effective security training
  • Content development strategies:
    • Storytelling and scenario-based learning
    • Positive vs. fear-based messaging
    • Technical vs. non-technical audiences
    • Culture and language considerations
  • Delivery methods and their effectiveness:
    • In-person training
    • Computer-based training
    • Microlearning
    • Awareness campaigns
    • Newsletters and communications
  • Engaging reluctant or resistant learners
  • Gamification strategies for security awareness
  • Lab: Developing sample awareness materials

Week 4: Building Security Culture & Incident Response

Day 1-2: Fostering Security Culture

  • Security culture models and frameworks
  • Security champions programs:
    • Identification and recruitment
    • Training and empowerment
    • Ongoing engagement
  • Reinforcement techniques:
    • Recognition and rewards
    • Competitions and gamification
    • Regular touchpoints and communications
  • Measuring cultural change:
    • Surveys and assessments
    • Behavioral indicators
    • Reporting metrics
  • Executive engagement strategies
  • Case studies of successful security culture programs
  • Lab: Security culture assessment and planning

Day 3-5: Incident Response for Everyone & Program Measurement

  • Employee roles in the incident response lifecycle
  • Effective incident reporting mechanisms
  • Security incident identification for non-technical staff
  • Communication during security incidents
  • Post-incident learning and improvement
  • Tabletop exercise facilitation
  • Program effectiveness measurement:
    • Defining and tracking KPIs
    • Calculating awareness ROI
    • Demonstrating value to leadership
    • Continuous improvement processes
  • Capstone project presentations
  • Course review and next steps
  • Lab: Incident response tabletop exercise

Instructional Methods

  • Interactive lectures and discussions
  • Real-world case studies and examples
  • Hands-on security identification exercises
  • Simulated phishing and social engineering scenarios
  • Group projects and collaborative learning
  • Role-playing and simulation activities
  • Program development workshops
  • Awareness material creation exercises

Assessment and Grading

Assessment Components

  1. Security Scenario Assessments (25%)
    • Interactive exercises identifying security threats
    • Phishing identification tests
    • Social engineering response scenarios
  2. Security Awareness Program Plan (25%)
    • Development of a comprehensive awareness program
    • Audience analysis and strategy document
    • Implementation roadmap and metrics plan
  3. Training Content Development (20%)
    • Creation of awareness materials
    • Security communications samples
    • Engagement strategy
  4. Capstone Project (25%)
    • Comprehensive security awareness initiative design
    • Presentation and defense
    • Implementation considerations
  5. Participation and Engagement (5%)
    • Contribution to discussions
    • Peer collaboration
    • Exercise participation

Grading Scale

  • A: 90-100%
  • B: 80-89%
  • C: 70-79%
  • D: 60-69%
  • F: Below 60%

Required Materials

  • Personal computer with internet access
  • Access to the course learning management system
  • Program planning templates (provided)
  • Sample awareness materials (provided)
  • Recommended readings (provided throughout the course)

Course Policies

Attendance and Participation

  • Instructor-led format: Attendance at live sessions is strongly encouraged
  • Self-paced format: Regular progress through course materials is expected
  • Active participation in exercises and discussions is essential for skill development

Exercise Participation

  • Simulated phishing and social engineering exercises are conducted in a safe learning environment
  • All exercises are designed for educational purposes only
  • Participation in practical exercises is strongly encouraged for skill development

Academic Integrity

  • All work must be original or properly attributed
  • Collaboration is encouraged, but individual assignments must reflect individual work
  • Students are expected to respect confidentiality of organizational examples shared by peers

Support and Resources

  • Instructor office hours (schedule provided at course start)
  • Discussion forum for peer assistance
  • Curated list of external resources and readings
  • Templates and tools for security awareness program development

Accessibility

We are committed to providing an inclusive learning environment. Students with disabilities or special needs are encouraged to contact the instructor at the beginning of the course to discuss accommodations.

Course Schedule

A detailed week-by-week schedule with specific topics, readings, exercises, and assignment due dates will be provided at the start of the course.


This syllabus is subject to change at the instructor’s discretion. All changes will be communicated to students in advance.