Anyone interested in an MSP referral exchange community?

Our clients regularly ask us to recommend an MSP for the broader cybersecurity work that falls outside our scope. We focus solely on security awareness training, so rather than turn those requests away, we'd like to send them to someone we know.

The exchange between MSPs also might work. Maybe client is in the timezone that is not working for you or requesting services you can't provide.

Would you like to be a part of a community for the client referral exchange? Also, what may be the downsides of such an initiative?

reddit.com
u/anthonyDavidson31 — 9 days ago

How to train employees to feel when something's off?

Saw a brilliant comment recently that I can't stop thinking about:

>Focusing on the "tells" in a phishing email was always doomed... "Count the fingers" only worked until the AI models caught up. The point isn't to make your employees into deepfake detectors, it's to train them to know when something doesn't feel right and to trust their instincts, question it, and follow your response procedure.

Want to implement something like this in my company, but not sure how that should work in practice. Any suggestions?

Allowing employees to breach security protocols once in a controlled environment and issue a warning so that they would never do that again seems like a complex training procedure.

reddit.com
u/anthonyDavidson31 — 1 month ago

How to train employees to feel when something's off?

Saw a brilliant comment recently that I can't stop thinking about:

>Focusing on the "tells" in a phishing email was always doomed... "Count the fingers" only worked until the AI models caught up. The point isn't to make your employees into deepfake detectors, it's to train them to know when something doesn't feel right and to trust their instincts, question it, and follow your response procedure.

Want to implement something like this in my company, but not sure how that should work in practice. Any suggestions?

Allowing employees to breach security protocols once in a controlled environment and issue a warning so that they would never do that again seems like a complex training procedure.

reddit.com
u/anthonyDavidson31 — 1 month ago

Hey r/opensource

I'm a cybersec engineer with an L&D background. Got tired of boring security awareness courses and teamed up with a builder tool to deliver a free interactive SAT for AI era.

AI agents, LLMs, and autonomous tools are being adopted faster than the security practices meant to govern them. While threats like phishing are well-understood, the AI wave has introduced attack vectors that most people have never encountered -- prompt injection, RAG exploitation, and more. The problem isn't awareness alone. Most security training is passive: slide decks and videos that people click through and forget.

This library takes a different approach. Every exercise drops you into an interactive 3D office environment where you face realistic scenarios in first-person. You interact with real objects -- a phone, a PC running a live OS (browser, terminal, Zoom), a flipchart -- and make decisions under pressure, just like you would at your desk.

Free to use personally, professionally, or in commercial workshops. The only restriction is reselling or redistributing the content as a standalone product. So if you're running an in-person training -- this library can be a great addition to your learning materials. Sharing the materials free of charge is encouraged!

What's included:

Scenarios include things like:

  • Identifying hidden prompt injection instructions in uploaded documents
  • Spotting sensitive data categories that should never enter AI prompts
  • Evaluating third-party AI plugins for supply chain risks before deployment And more!

...and more!

Two ways to use it:

Web view -- run exercises directly in a browser, ideal for workshops or sharing with students and colleagues.

GitHub repo -- every exercise is packaged as a SCORM .zip, ready to import into any LMS, embed into an existing training pipeline, or test on SCORM Cloud before rollout. Note: SCORM files make API calls to the server for pre-rendered scene files and iframes. If that's a blocker for you or you need a security assessment -- create an issue

The repo root contains full course packages. Other .zip files in the "Individual exercises" folder contain standalone exercises if you want to build a custom curriculum.

https://github.com/ransomleak/training-owasp

Happy to answer questions or take your thoughts on the exercises!

P.S: will appreciate your stars 😄

reddit.com
u/anthonyDavidson31 — 2 months ago
▲ 7 r/MSSP

Heads up: this post has been admin approved and I'm affiliated with the platform used to build the exercises. It's commercial, and the exercise preview link is on that tool's domain. That said, the SCORM files are fully white-labeled -- no logos, no backlinks, no sign-up, no paywall. You can grab them and self-host if you'd prefer.

-------

Hey r/MSSP

I'm a cybersec engineer with an L&D background. Got tired of boring security awareness courses and teamed up with a builder tool to deliver a free interactive SAT.

Every exercise drops you into an interactive 3D office environment where you face realistic incidents in first-person. You interact with real objects -- a phone, a PC running a live OS (browser, terminal, Zoom), a flipchart -- and make decisions under pressure, just like you would at your desk.

Exercises designed to build practical skills and develop muscle memory on how to respond to threats. So that when something bad is about to happen at work, people remember having faced it before -- and respond accordingly. Every exercise ends with a quiz at a 100% pass threshold to confirm the knowledge is stuck.

Free to use personally, professionally, or in commercial workshops. The only restriction is reselling or redistributing the content as a standalone product. So if you're running an in-person training -- this library can be a great addition to your learning materials. Sharing the materials free of charge is encouraged!

What's included:

- Spotting phishing indicators in a suspicious email
- Handling a scam phone call (vishing) in real time
- Downloading a malicious file and watching the consequences unfold
- Identifying hidden prompt injection instructions in uploaded documents
- Spotting sensitive data categories that may breach GDPR
- Evaluating third-party AI plugins for supply chain risks before deployment

...and 80 more exercises!

Two ways to use it:

Web view -- run exercises directly in a browser, ideal for workshops or sharing with students and colleagues.

GitHub repo -- every exercise is packaged as a SCORM .zip, ready to import into any LMS, embed into an existing training pipeline, or test on SCORM Cloud before rollout. Note: SCORM files make API calls to the server for pre-rendered scene files and iframes. If that's a blocker for you or you need a security assessment -- drop an email to one of the devs: maksym(at)ransomleak(dot)com

The repo root contains full course packages. Other .zip files in the "Individual exercises" folder contain standalone exercises if you want to build a custom curriculum.

Web view

GitHub

Happy to answer questions or take your thoughts on the exercises!

P.S: In case this gets traction — I'll add more free exercises for the community! Feel free to drop exercise topics in the comments. There's also "OWASP Top 10 for Agentic AI Applications" course in the works

u/anthonyDavidson31 — 3 months ago