# Workflows: Anti-Phishing Training Program

## Workflow 1: Annual Program Lifecycle

```
Q1: Baseline & Planning
    +-- Run baseline phishing simulation
    +-- Assess current awareness maturity level
    +-- Define annual targets and KPIs
    +-- Select/renew training platform
    +-- Design curriculum by role and department
    |
Q2: Foundation Training
    +-- Deploy core phishing awareness modules
    +-- Run monthly simulations (easy difficulty)
    +-- Launch phishing report button
    +-- Begin tracking metrics
    |
Q3: Advanced Training
    +-- Role-specific training (finance, IT, executives)
    +-- Increase simulation difficulty
    +-- Recognize security champions
    +-- Mid-year metrics review
    |
Q4: Assessment & Optimization
    +-- Run year-end assessment simulation
    +-- Compare against baseline
    +-- Generate annual report
    +-- Identify gaps for next year
    +-- Present ROI to leadership
```

## Workflow 2: Just-in-Time Training Flow

```
User interacts with simulated phishing email
    |
    v
[Did user click the link?]
    |
    +-- NO (ignored or reported) --> Positive outcome tracked
    |       |
    |       +-- [Did user report it?]
    |           +-- YES --> Send congratulations, award points
    |           +-- NO --> No action (not a failure)
    |
    +-- YES (clicked link)
        |
        v
    [Landing page shows "This was a test"]
        |
        v
    [Immediate micro-training module (2-3 min)]
        +-- What red flags were present
        +-- How to identify similar emails
        +-- How to report suspicious emails
        |
        v
    [Auto-enroll in refresher course within 7 days]
        |
        v
    [Manager receives aggregate report (not individual names)]
        |
        v
    [User included in next simulation cycle]
```

## Workflow 3: Repeat Offender Escalation

```
User fails first simulation
    |
    +-- Standard just-in-time training
    +-- Auto-enrolled in awareness module
    |
User fails second simulation (within 6 months)
    |
    +-- Enhanced training assignment
    +-- One-on-one coaching session offered
    +-- Manager notification (private)
    |
User fails third simulation
    |
    +-- Mandatory extended training
    +-- Access restrictions considered (additional MFA, restricted permissions)
    +-- HR involvement per policy
    +-- Monthly targeted simulations
    |
User passes subsequent simulation
    |
    +-- Return to normal simulation schedule
    +-- Positive reinforcement
```

## Workflow 4: Metrics-Driven Optimization

```
Monthly Data Collection
    |
    +-- Simulation results (click, submit, report rates)
    +-- Training completion rates
    +-- User-reported real phishing volume
    +-- Help desk phishing tickets
    |
    v
[Analyze by dimensions]
    +-- Department breakdown
    +-- Role/seniority breakdown
    +-- Location breakdown
    +-- Trend over time
    |
    v
[Identify patterns]
    +-- Which departments are improving?
    +-- Which scenarios are most effective?
    +-- Are repeat offenders decreasing?
    +-- Is report rate increasing?
    |
    v
[Adjust program]
    +-- Increase difficulty for high-performing groups
    +-- More training for struggling departments
    +-- New scenario types for common gaps
    +-- Update content for new threat trends
```
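
The escalation rules in Workflow 3 and the department breakdown in Workflow 4 can be computed from the same simulation log. The following is an added example, not part of the original program material. Its assumptions: the event tuple layout and outcome names are hypothetical, "within 6 months" is taken as 183 days, a second failure outside that window counts as a first failure again, and any failure after the second tier is treated as the third.

```python
from collections import defaultdict
from datetime import date, timedelta

WINDOW = timedelta(days=183)         # assumption: "within 6 months" = 183 days
FAILURES = {"clicked", "submitted"}  # "ignored" and "reported" are not failures

# Constructed sample results: (user, department, simulation date, outcome)
EVENTS = [
    ("alice", "finance", date(2024, 1, 15), "clicked"),
    ("alice", "finance", date(2024, 3, 12), "submitted"),
    ("alice", "finance", date(2024, 5, 14), "clicked"),
    ("bob",   "finance", date(2024, 1, 15), "clicked"),
    ("bob",   "finance", date(2024, 3, 12), "reported"),
    ("carol", "it",      date(2024, 1, 15), "reported"),
    ("carol", "it",      date(2024, 3, 12), "ignored"),
    ("dave",  "it",      date(2024, 1, 15), "clicked"),
    ("dave",  "it",      date(2024, 9, 10), "clicked"),
]

def escalation_tiers(events):
    """Workflow 3: replay results in date order, return {user: tier 0-3}."""
    tier, last_fail = {}, {}
    for user, _dept, day, outcome in sorted(events, key=lambda e: e[2]):
        if outcome not in FAILURES:
            tier[user] = 0              # pass: back to the normal schedule
            continue
        prev = tier.get(user, 0)
        if prev == 0:
            tier[user] = 1              # first failure
        elif prev == 1:                 # second failure counts only inside the window
            tier[user] = 2 if day - last_fail[user] <= WINDOW else 1
        else:
            tier[user] = 3              # assumption: any further failure is tier 3
        last_fail[user] = day
    return tier

def department_rates(events):
    """Workflow 4: aggregate click, submit and report rates per department."""
    counts = defaultdict(lambda: defaultdict(int))
    for _user, dept, _day, outcome in events:
        counts[dept]["total"] += 1
        counts[dept][outcome] += 1
    # A submit implies a click, so both count toward the click rate.
    return {d: {"click": (c["clicked"] + c["submitted"]) / c["total"],
                "submit": c["submitted"] / c["total"],
                "report": c["reported"] / c["total"]}
            for d, c in counts.items()}
```

`department_rates` returns only per-department aggregates, which fits the manager report in Workflow 2; the per-user output of `escalation_tiers` is what drives the training assignments.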