Curated Supplier · Security Awareness · Phishing Simulation

Stickley on Security — training people actually pay attention to.

Security awareness training and phishing simulation specialist since 2007 — founded by noted security expert Jim Stickley (NBC, CNN, CNBC, LifeLock commercials). Powered Cybersecurity Training (PCT) and BadPhish phishing simulator with FFIEC-mandate alignment for financial services. Over 150,000 users protected nationwide. Sub-$500 MRR floor.

What Stickley on Security actually does.

Stickley on Security has been running awareness training and phishing simulation since 2007 — long enough to have learned what works and what doesn't. The pitch isn't "check the awareness training box for your auditor"; it's that nearly every breach traces back to someone clicking something, and the difference between content that gets clicked through and content that actually changes behavior is real. Jim Stickley spends time breaking into organizations for a living — the training material is informed by what actually works on people, not academic theory about adult learning.

Capabilities · A short list

Powered Cybersecurity Training (PCT) Fully managed awareness program — quarterly training, monthly phishing campaigns, automated reporting. 5-10 minute setup, then automatic. Built for SMB IT teams who don't have time to manage a training program.
BadPhish phishing simulator Next-generation phishing simulation, included with PCT at no additional charge for orgs that don't already have one. Designed by someone who's been on the offensive side for 25+ years.
Employee EDU Customizable LMS-compatible (SCORM v1/v2) courses. Quarterly campaigns on high-risk topics, 15-20 minute completion. For orgs that want more control over content.
SoS Advisor for financial services Customer-facing security education for banks and credit unions. FFIEC mandate alignment built in.
Spear phishing + typosquatting defense Domain monitoring, lookalike domain detection, takedown procedures. Layered above the human training.
Cyber insurance policy alignment Meets requirements for most cyber insurance policies — the training program that actually transfers risk.

Who this fits.

Best Fit

SMB IT/security lead needing turnkey awareness program

You know awareness training matters, you don't have time to design and run a program, you need something that runs automatically with minimal management overhead. PCT was built for this.

Strong Fit

Banks, credit unions, and other FFIEC-regulated orgs

FFIEC alignment is the lead story. Customer-facing security education plus employee training under one provider.

Mixed Fit

Enterprises with existing KnowBe4 / Proofpoint deployment

Switching costs are real once a program is established. Brief Stickley when you're refreshing your awareness program or expanding beyond standard offerings.

Less Likely

Pure technical security teams without awareness mandate

If you don't have a regulatory or insurance requirement and you're not measuring phishing susceptibility, the ROI is harder to quantify.

How Stickley on Security sits against the field.

This page

Stickley on Security

Security awareness training + phishing simulation
Founded 2007 — long industry presence
FFIEC-aligned for financial services
Powered Cybersecurity Training fully managed
Strong fit: SMB / FFIEC-regulated organizations

Adjacent

Cyrisma

Data-layer security and discovery
Different layer — technical, not human
Often complementary in mature programs
Available through our sourcing network
Both belong in well-rounded security stacks

Different shape

Drata

Compliance automation tooling
Different problem entirely
Drata may consume Stickley's training records
Often deployed together
Available through our sourcing network