Skill 3
Introduction
Even the strongest cybersecurity system can be undone by a single click on a malicious link. People are often the weakest link in security, but they can also be the strongest defense if they are well-informed and vigilant. Security Awareness & User Education focuses on equipping individuals with the knowledge and habits needed to protect themselves and the organizations they work for.
Through this skill, I aim to make complex security concepts simple and practical. The ability to communicate effectively about threats like phishing, weak passwords, and unsafe browsing is just as important as technical defenses. The artifacts on this page demonstrate my ability to create clear, accessible, and engaging materials that can help users avoid common pitfalls and contribute to overall cybersecurity.
Artifact 1: Phishing Awareness Poster
Description:
This poster was designed to alert users to the dangers of phishing emails and teach them how to spot suspicious messages. It uses clear visuals, short text, and examples of red flags, such as unusual sender addresses, urgent language, and unexpected attachments or links.
Reflection:
Creating this artifact taught me how to distill complex threat patterns into simple, memorable tips. Visual communication is key in security awareness — people are more likely to remember a poster they’ve seen in the office or online than a long written policy. This skill is essential for reaching busy users who may not have time for detailed training sessions.
Poster:
Artifact 2: Cybersecurity Best Practices Quick Guide
Description:
This two-page guide provides everyday users with clear, actionable steps to protect their personal and work-related information. It covers topics such as creating strong passwords, enabling multi-factor authentication, keeping software updated, and recognizing social engineering tactics.
Reflection:
Developing this guide helped me focus on clarity and brevity. Good security advice must be easy to understand and apply immediately. Writing for a non-technical audience reinforced my ability to communicate without jargon, which is crucial for training diverse groups of users.
Two-page guide:
Cybersecurity Best Practices Quick Guide
Purpose:
To help users protect personal and organizational information by following simple, practical steps every day.
1. Use Strong, Unique Passwords
- Create passwords that are at least 12 characters long.
- Use a mix of uppercase letters, lowercase letters, numbers, and symbols.
- Avoid using the same password for multiple accounts.
- Consider using a reputable password manager to generate and store passwords.
2. Enable Multi-Factor Authentication (MFA)
- Turn on MFA wherever possible for email, banking, and work accounts.
- MFA adds an extra layer of security even if your password is compromised.
3. Keep Software and Devices Updated
- Regularly install updates for your operating system, applications, and antivirus software.
- Enable automatic updates to reduce the risk of missing critical patches.
4. Be Cautious with Links and Attachments
- Don’t click links in unsolicited emails or text messages.
- Hover over links to see the real URL before clicking.
- Only open attachments from trusted senders.
5. Protect Personal Information
- Avoid oversharing details such as your full birth date, address, or phone number on social media.
- Be wary of online quizzes or forms that request sensitive data.
6. Secure Your Home Network
- Change default router passwords and update router firmware.
- Use WPA3 or WPA2 encryption for Wi-Fi.
- Hide your network name (SSID) from public view.
7. Back Up Your Data
- Create regular backups of important files.
- Use both cloud storage and physical external drives for redundancy.
8. Report Suspicious Activity
- Notify your IT department or security contact immediately if you suspect a phishing attempt, malware infection, or account compromise.
Artifact 3: Security Training Program Diagram
Description:
This diagram outlines the structure of a workplace security training program. It shows the flow from initial orientation, to monthly security tips, to simulated phishing campaigns, and finally to reporting and feedback loops.
Reflection:
Designing the diagram required me to think about the training process as a whole — from awareness to reinforcement. A structured approach ensures that knowledge is retained and tested over time. This artifact demonstrates my ability to plan effective, ongoing education programs, not just one-off sessions.
Diagram:
Closing Reflection
Security Awareness & User Education is about empowering people to be part of the defense, not part of the problem. The three artifacts here show different ways to achieve that — through eye-catching visuals, concise guides, and structured training plans. By helping users understand threats and adopt safe habits, we strengthen every other layer of security. This skill will be valuable in any cybersecurity role where protecting information depends on both technology and the people who use it.