Hey and thanks again for the warm welcome! One of our most impactful formats has been our internal video podcast called “Gordon meets …”, which we created to make IT and cybersecurity topics more tangible and relatable for our colleagues … especially those without a technical background. Right from the start, our goal was to make cybersecurity understandable. Not through expert-level talk, but by using real-life examples, simple language and a hands-on approach. That’s why we brought in external experts and filmed the interviews directly at their locations. Sometimes that meant travelling to Cologne, Frankfurt or even Hamburg to get the conversation on camera. When we started, we had no idea how to produce a video podcast. We just knew we wanted to try. So we learned as we went. With each episode, our equipment and production quality got a bit better. We always said: It’s okay if it’s not perfect. What really matters is the content. And it paid off. What really made a difference was hearing key messages from trusted external experts. It just hits differently when someone outside the company explains a risk or gives advice. That really helped build trust and understanding. One of the most common reactions we got from employees was: “This was the first time I truly understood the topic.” Over time, we produced 12 episodes with a total runtime of 3 hours and 45 minutes, reached 4,002 episode views, and got 123 employees to participate in our awareness quiz. Thanks to one of our suppliers who kindly supported us as a sponsor, we were able to add a small quiz to each episode. At the end of the series, we summed up all the quiz results and raffled off several prizes among the 10 best participants. The prizes included an iPad, Apple AirPods, and a 27-inch monitor. Of course, this whole project was a lot of work. My colleague and I spent quite a bit of our free time on it, because there was simply no way to make it happen alongside our daily operations. But it was absolutely worth the effort. If anyone here is thinking about starting something similar, I can truly recommend it. You don’t need a perfect studio setup … just a good story, helpful insights, and a bit of passion. I hope this gave you a bit of inspiration for your own awareness projects. If you have any questions or want to exchange ideas, feel free to reach out!
This is really inspiring Gordon S. 🙌 Such a creative way to bring awareness to life – really appreciate you sharing this.
“This was the first time I truly understood the topic.” – That speaks volumes! 🎯
Also, the fact that you gamified the process is such a smart way to keep people engaged throughout. Would love to hear more about how you promoted the episodes internally – what helped drive visibility? Also curious to hear what others think – Semjon N. Katharina K. Jana K. René K. – what are your thoughts? Have you run similar awareness initiatives in the past?
Melissa G. Thanks so much. I really appreciate the kind words :) Great question regarding internal promotion. We used a mix of formats to drive visibility and engagement: • Teaser posts on our intranet usually including a short quote or behind-the-scenes photo from the episode. • A consistent design and branding so people recognised it at a glance – including the logo, the format title “Gordon meets …”, and the newly implemented hashtag #StrongerTogether to flag all of our cybersecurity content. • We also published all episodes on a dedicated internal landing page that showed the full series and the quizzes. • And finally, we tied the whole thing to a prize draw at the end, which definitely boosted motivation. If I had to pick one success factor, I’d say it was the combination of authentic content and clear internal branding. People knew what to expect and that it would be worth their time.
René K. Thank you for your kind feedback! Each episode focused on a specific topic that was relevant to our everyday work environment. Always with the goal of making it practical and easy to understand for non-tech colleagues. Some of the topics we covered included: • Phishing and Social Engineering (e.g. how attackers trick you into giving away information) • Dangerous USB devices like Rubber Ducky sticks • Home office security and how to protect your home network • Ransomware threats and how modern attacks are put together • And even parental control software to help employees protect their kids online We always tried to keep things accessible and sometimes even humorous, because we wanted people to feel informed, not intimidated or even bored. Another important element was relating each topic to our employees’ personal lives. We wanted the episodes to feel useful beyond the workplace, so I would usually end each interview with the same question: “Do you have any tips that our colleagues can apply at home?” This helped make the content even more relatable and actionable. One expert, for example, pointed out how convenient smart locks can be, but also explained why they can pose a serious security risk, especially if not properly configured or secured. As for broader awareness efforts: Until recently, we created our phishing simulations manually in Microsoft Defender, which was quite time-consuming. The emails worked well technically, but we noticed that the training content behind them lacked depth. Now that we’ve switched to SoSafe, we not only get high-quality phishing simulations but also engaging and professional learning videos that follow each click. Because in the end, it’s not about triggering clicks, it’s about turning them into meaningful learning experiences. That’s where SoSafe really adds value. We also try to integrate a short quiz into every awareness activity. Whether it’s after a video, a presentation, or so. And we regularly reach out to our suppliers to sponsor small prizes that we can hand out to participants. This adds a fun incentive and helps boost participation. In addition, we are currently planning a Cybersecurity Awareness Week. The exact date is still to be determined, but it will include live speakers, escape rooms, and interactive challenges to raise engagement across the company. And we’re also using creative physical reminders to keep the topic present in everyday work life: We’ve placed roll-ups at different spots across the company with our key messages. We designed custom gummy bear packs that promote our new cyber security awareness hashtag #StrongerTogether. And we even produced fortune cookies with 25 unique cybersecurity messages inside. Our sweets are distributed at random times in the cafeteria, at our reception, or meeting zones. Just to keep the topic top of mind in a playful way. To make individual efforts in cybersecurity awareness even more visible and valued, we’re currently working on a custom “trophy block” system that employees can place on their desks. For specific cybersecurity-related tasks, employees will receive small trophies that they can proudly display on their blocks. For example, all 123 participants of the internal podcast quiz will receive a trophy. The ten employees who achieved the maximum score will even get a special version with a different colour or design. We’ll also create trophies based on achievements within SoSafe, such as earning medals, and for other activities like participating in our upcoming cybersecurity escape room. The idea is to gently encourage friendly competition across departments. If, say, a manager from HR visits the finance department and sees their employees have far more trophies, the hope is that they’ll motivate their own team to catch up by taking part in more trainings. It’s a fun, visual way to create momentum and internal awareness benchmarking – without pressure, just motivation. The biggest win, however, isn’t just that people talk more openly about cybersecurity. What’s even more powerful is the behavioural change we’re seeing. Employees now correct each other when someone forgets to lock their screen. They reach out proactively to the IT team when they’re unsure about a suspicious email, a link, or a USB stick. That shift in mindset is something we’re really proud of. From the very beginning, we also made it clear that our goal is not to blame people for mistakes. We encourage everyone to report incidents early and openly, even if they feel they’ve made a mistake. Because hiding an incident would only make things worse. We’ve worked hard to build a culture where it’s okay to make mistakes (as long as they’re not intentional) and where people know they can always come to us without fear of punishment.
Gordon S. 👏👏👏! You’ve clearly put an incredible amount of thought and energy into creating not just content, but a culture around cybersecurity. I loved the question you asked at the end of each episode: “Do you have any tips that our colleagues can apply at home?” - that shows how much you care about making it relevant beyond the workplace! Also, the physical reminders – gummy bears, fortune cookies, trophies – such creative and playful ideas! It seems like you’ve managed to secure a lot of internal buy-in for these efforts. Was that an easy journey or did it take some more convincing to get everyone on board? Thanks again for sharing so generously – it’s really inspiring to see such a holistic approach to awareness and culture building. Dandy B. Christoph E. Monika G. curious to hear your thoughts, which parts resonated most with you or sparked ideas for your own programs? 😊
To be honest: no, it hasn’t been an easy journey. Cybersecurity and awareness aren’t exactly topics that naturally spark enthusiasm in a company, especially when you’re trying to build something strategic and long-term. Initially, it’s all about costs, without any immediately visible benefit. It’s an investment in prevention and that’s hard to grasp until something actually happens. There are also ongoing internal challenges. One of them is working with our marketing department, who often criticise my designs for not fully aligning with our corporate branding. I understand their perspective, but I’m creating content for users, not for advertising campaigns. If we want people to engage with awareness materials and actually enjoy them, we need some creative freedom. A generic template just won’t catch anyone’s attention anymore. We’re still far from the kind of “cybersecurity awareness culture” I’m aiming for … where security becomes as natural as grabbing your morning coffee. Many colleagues are now genuinely engaged, contribute ideas and keep learning more on their own. But there are still others who simply don’t care at all. The real challenge is figuring out how to get them on board in the long run Not through pressure, but by making it relevant and appealing. I’d love to hear how others are approaching this in their own organisations.
Thank you so much for sharing and for your transparency, Gordon S.! Pretty sure many members here would add a big +1 to the challenges you mentioned. ℹ️ I’m definitely keeping this quote: “Where security becomes as natural as grabbing your morning coffee.” ☕😄 René K. – I saw you commenting earlier in the thread too! Would love to hear your take on this — feel free to jump in anytime!
Thank you Gordon S. again for offering so many valuable suggestions! And I also think it's important to understand how much effort is involved in such a project. My experiences many years ago were similar. I also considered SoSafe for further trainings, because in combination with our phishing simulation, our victims are led directly to the right E-Learnings and do not have the feeling of helplessness, rather they will have the opportunity to learn anonymously and at their own pace.
