Awareness

Inclusive awareness framework

Move from awareness campaigns that tick boxes to ones that actually change behaviour. Integrates accessibility, security and communication psychology to make learning relevant to everyone — not just those who already feel included.

↓ Download as PDF Preview the PDF

Who it's for

Security awareness leads, learning and development teams, and internal communicators who suspect their content isn't reaching everyone.

When to use it

Before commissioning the next round of training. Before the next phishing simulation. Before anything you're about to send to all staff.

Why most awareness fails

It's written for the people who already engage. The font is too small, the language is too jargon-heavy, the videos have no captions, the simulations punish the wrong people. The result: the people most at risk get the least support.

The five lenses

Sensory — can people see, hear and read what you produced.
Cognitive — is the language plain, the structure clear, the load reasonable.
Emotional — does the tone build confidence or shame.
Cultural — does it land with people who don't share your reference points.
Practical — can people apply it on the actual systems they use.

In practice

How to run it

1
Run any new awareness asset through the five lenses before publishing.
2
Test with three real people who are not on the security team.
3
Measure behaviour change, not click-through. Awareness that doesn't change behaviour is just noise.
4
Replace anything that scores poorly. Don't keep it because it's already paid for.

← Previous

Outcome-based security framework

Training trauma risk scorecard

Want the full story?

The frameworks are most powerful alongside the case studies, research, and playbooks in the book.

Buy Access Denied →