Tracecat
Protect
PR.AT

Awareness and Training

The organization's personnel are provided with cybersecurity awareness and training so that they can perform their cybersecurity-related tasks

Tools for awareness and training

Hosted MCP servers your agents can use for these controls.

Starter prompts

Paste into Claude Code, Microsoft Copilot, or Codex connected to Tracecat MCP, and build it out together.

Follow up phishing simulations with training

Build me a phishing follow-up automation in Tracecat. After each phishing simulation, record who reported, who ignored, and who clicked in a table. Send reporters a thank-you in Slack, assign clickers the refresher module in Vanta, and track completion with two reminders before escalating to managers. Report the trend by department each quarter. First help me understand how this maps to PR.AT-01 and why reinforcement timing matters more than training content. Ask me which simulation tool we use and how results export. Talk me through keeping the tone helpful so reporting rates go up, not down.

Track role-based training coverage

Build me a training coverage tracker in Tracecat. Map specialized roles to required training: engineers with production access, admins of security tools, and finance staff who approve payments, derived from Okta group memberships. Compare against completion records in Vanta, chase gaps in Slack, and keep an auditable coverage table per role. First help me understand how this maps to PR.AT-02 and why role-based requirements beat one generic course. Ask me which roles carry specialized risk in our org. Talk me through what happens when someone changes roles and their requirements shift.

Send context-aware security nudges

Build me a nudge automation in Tracecat. When a user triggers a low-severity policy event, a risky OAuth grant, a file shared externally, or a password reuse alert, send them a short Slack note explaining what happened and the two-line version of the policy, with a link to the full one. Log acknowledgments and surface repeat patterns to the security team instead of punishing one-offs. First help me understand how this maps to PR.AT-01 and why teaching at the moment of the event outperforms annual training. Ask me which policy events fire often enough to be worth nudging. Talk me through keeping nudges rare enough that people still read them.

Controls

  • PR.AT-01 (SP 800-53 Rev 5: AT-2, AT-3)

    Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind

  • PR.AT-02 (SP 800-53 Rev 5: AT-3)

    Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind

Control text and SP 800-53 Rev 5 references from the official NIST CSF 2.0 and OLIR releases.

Automate awareness and training with agents

Paste an example into your coding assistant and an agent builds the automation around your tools.
