At first we tried maintaining our own awareness trainings content and used the built-in awareness training of eramba but due to lack of time and imagination our content for these awareness trainings is lacking.
I now see there are a lot of awareness training providers available but most will sell you this as a subscription to be handled within their framework.
I am curious what other organisations do? Do you use a provider? Do you buy the material somewhere and implement it inside eramba?
we are using Lucy (lucysecurity.com). Originally we have just used it for phishing campaigns, but since last year we are using it for security awareness campaigns as well. There is an annual fee to be paid (pricing might change because there is a new owner), but overall it’s quite ok, there are tons of templates to use.
We are using the Eramba awareness module only for very specific trainings (e.g. for information about new procedures or similar, acknowledgement of policies etc.)
For us, we’re currently a InfoSec Institute reseller where we buy seats in bulk and distribute them out to our clients. Their LMS is used and they create the content - covering general security awareness, GDPR/privacy and secure development training. They’ve also got phishing capabilities along with AD/Azure AD Sync available.
They, along with many others, have the ability to export their content out to a “SCORM” package, which is the training industry standard package for moving content/courses between LMSes. Therefore, if you do have an LMS that accepts the SCORM packages, you can buy content from multiple providers and consolidate it. It would be awesome if Eramba was able to ingest and utilize the SCORM packages, but from a prioritization perspective, I’m fairly sure it’s going to be a while.