Helping organizations build a culture of security through awareness, training and strategy development


In today’s cyber security meetings,  more Human Resources professionals are being called upon to address the issues of insider threat.  There are a number of issues that can turn employees into risks to the organization—a change in the business climate resulting in job losses and disgruntled employees. 

As part of the building of a security culture and strategy, an organization must consider and develop internal mechanisms to monitor and mitigate the threats that lie within an organization.  This is a marriage of technology and human understanding



In order to create and sustain increased security posture within an organization, it is the responsibility of leadership to communicate and continually reinforce the importance of security to employees, customers and partners. Security Culture is a top down responsibility that if done effectively will significantly reduce the risks an organization face both within and outside of the organization. 

  • Explaining to customers the importance of identity verification and how this may impact the average handle time regardless of the channel—phone, in person, chat, email

  • Common courtesy (ie. Holding the door open for a “perceived” employee)

  • Increased security protocols for suppliers---risks through the supply channel are on the rise!


The Security Culture Institute was founded with the mission to improve the readiness of modern enterprises by changing the organization culture for cyber threats. Our approach focuses on social engineering.

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

In the world of the hacker, social engineering is one of the most effective and widely used forms of exploitation and many of us, are completely unaware and unprepared for what is happening. In many cases, our innate desire to help others is the weakness the sophisticated hacker depends most upon.


We work with organizations to build awareness and understanding around how hackers will target employees whether it's over the phone, online or in person.


Our approach--whether delivered in person or online--provides participants with realistic, real life scenarios and challenges them to understand and identify situations that may cause risks for themselves and the organization. In addition, we work with leadership to develop mitigation protocols that empower team members to act in situations where they believe social engineering exploits are at play.

Our service offerings focus on awareness, training and strategy development.



Awareness is the cornerstone of changing behaviours, especially within large organizations.

Our service offerings include awareness programs for every level of the organization ... from the C-Suite to the Call Centre.



Security programs exist in a continuum, starting with awareness and building with training.

Training should be ongoing informed by periodic assessments to determine areas requiring additional work.



Changing organizational behaviour around cyber security should be undertaken within the context of other security programs. 

We can work within senior management to develop a security culture program that works.



At Security Culture Institute, we believe that security posture within any organizations begins with its people. Year after year statistics indicate the impact of human error as it relates to data and security breaches. Many organizations fail to recognize the importance of awareness and situational based training for employees. By developing a strong understanding of social engineering and the exploitation tools used by the sophisticated hacker, individuals within an organization are better equipped to address and defend against potentially damaging threats. 

Our vision is to create organizations where security is a strongly embraced and a practiced part of the corporate culture and provides its team members with the skills and ability to ensure the safety of themselves, their customers their employer and their families.


2 Rean Drive

Toronto, ON

M2K 3B8



© 2018 by the Security Culture Institute. All rights reserved.