[carohadad]

hey! our team developed this tool that allows security trainers and teams to develop their own anti-phihing-education trainings based on their own threats, apps, context and language.

would love to get your feedback on it :)

We are also aunching a free-program for 10 orgs on our Enterprise plan --> https://docs.google.com/forms/d/e/1FAIpQLSc5nl1K8IQWuvoR_6PH...

[VoidWhisperer]

So is the idea for Shira is that it is quizzes and other tools to teach people how not to be phished? Whereas I know some enterprise anti-phishing tooling I've seen lets IT/Security send a 'phishing email', where you are told good job if you report it and it is noted down on your employee record if you do fall for it

[carohadad]

Hey! super good question, that's exactly the point!

We (and reseach) have found that the "phishing simulation" technique has not been effective. This "IT/Security sending a phishing-email" that you describe is the standard in the industry but it does not foster a space where real education and undestanding about what should be consider suspicious (and why) can occur. We have seen people alerting each other on private channels "be careful with this email, that's the phishing, simulation!". So IT have false data and people are not actually learning much...

Shira allows creating a controlled learning enviroment where people can learn about the phishing tactics and how to detect those in a controlled setting, with tailored explanations adapted to the org language/level/context :)

We wrote about it here: https://shira.app/phishing-quizzes

We launched it with a beta program some months and we have had very good feedback on effectiveness so far!

This is a demo quiz que created, but the idea is that trainers can create their own quizzes with any content and explanations they want https://quiz.shira.app/