A just-in-time microlearning program that cut simulated phishing click rates by 52% in three months.
Instructional Designer
3 months
~2,000 office employees
Microlearning + simulations
The annual hour-long security course was something employees clicked through and forgot. Phishing simulations still showed a 25% click rate, and security was treated as a once-a-year checkbox rather than a daily habit. The goal: change behavior, not just complete training.
I replaced the once-a-year course with short, well-timed lessons built around real behavior:
One focused tactic per lesson — spoofed senders, urgent-payment scams, fake login pages — each ending with a quick spot-the-phish check.
Anyone who clicked a simulated phish landed on a calm, blame-free 30-second explainer showing the exact cues they missed — feedback at the moment it matters most.
A one-click "Report phish" button plus light recognition made reporting easy and visible, turning employees into an active line of defense.
52%
Lower simulated click rate
3x
More phishing reports
94%
Lesson completion