Social Engineering Awareness Course

The APMG swirl device logo is a trademark of The APM Group Ltd. Use of this trademark on this with website has been authorised solely for marketing purposes. All rights reserved.

Social Engineering Training

Social engineering has proved to be one of the most prolific & effective means of attacking organisations of all sizes. It is an attack vector that is growing rapidly. Your staff need to be able to identify & defend against attempted attacks. Your I.T team should focus on the more technical elements of security & the rest of your staff should focus on social engineering threats.
“Social Engineering: Manipulating people into carrying out specific actions or divulging information that is of use to an attacker”- NCSC
This face-to-face NCSC certified course equips your staff with the skills to identify & combat social engineering attacks such as not clicking malicious links or opening phishing emails. We follow nationally set standards and best practice to ensure you get the best awareness training possible for your staff.

Social engineering training

Course Contents


The biggest attack vector. Staff learn how malicious emails are crafted and how to spot them.



Phone based attacks often used to gather intelligence for another attack. Staff learn how to spot & stop this attack.


A physical attack to gain access to your business & data. Staff learn strategies for challenging these attacks.

Counter measures

See the business impact of successful attacks and learn ways to improve security within their organisation.




Staff training on information security is a crucial part of risk mitigation under the GDPR. Companies who cannot show measurable compliance risk heavy fines. The ICO states that companies should train their staff to be aware of phishing, vishing & impersonation attacks as part of their data protection training.



By having your staff complete a NCSC certified training course you can demonstrate a commitment to cyber security to your clients.



Staff don’t have to be a security weakness, with the right training they can be your greatest defence.

Why Us



Our course is NCSC certified which is an industry recognised benchmark for cyber security training quality.



With our background in one of the U.K Police Cyber Crime Units we understand the threat well.



We are subject matter experts who speak at events around the world on cyber security & social engineering.



We provide high quality training that is fun & interactive and managed from start to finish.

What People are Saying

Futures Housing Group

“Red Goat were really helpful in tailoring a course to our needs. The trainer was really engaging.”

Futures Housing group
Bristol Airport

“Red Goat were very helpful and provided an excellent training course that was really engaging and helpful to a wide range of our staff”.

Bath hospital

“Excellent course and great scenarios. We would recommend this course to anyone, really informative and relaxed. Rarely is there a course that is both informative and enjoyable. Really good.”

Take control of your cyber security and contact us now...


By submitting your message and your phone number and/or email address, you are permitting us to contact you by these means in response to your enquiry or feedback. You also acknowledge that you have read our privacy terms and that you consent to our processing data in accordance with them.Read our privacy policy here


Who is the course for?

This is a face-to-face awareness level course. It is suitable for all company staff and has been designed to be practical and easily understood by anyone. Our clients often employ it to provide their “high risk” staff with more in-depth training.

Who is the trainer?

All our NCSC certified social engineering courses are taught by award-winning cyber security expert Lisa Forte.

Where do you run the courses?

The courses are run at a venue of your choice. We are able to run the courses anywhere in the world and we frequently run courses in the UK, Europe and the USA.

Do students get a certificate?

Students get a certificate of completion of a GCHQ accredited course to evidence their training. This benefits their CPD and demonstrates your commitment to cyber security both to your clients & the ICO under the GDPR.

How long is the course?

The course lasts for 4 hours Including the exam. This means your staff don’t miss an entire day off work so the course causes minimal operational disruption.
Alternatively there is a 2 hour, non-NCSC certified course which has the core elements of the 4 hour course but is not certified by GCHQ. Contact us for more information.

Why NCSC Certified Training?

With the abundance of cyber security training courses on offer it can be difficult for customers to identify highly competent trainers and good quality courses. NCSC Certified Training addresses this issue- providing customers with a choice of rigorously assessed training providers, thus they can feel confident they’ll receive training that is consistent with industry best practice.

What is the difference between cyber security training & social engineering training?

Social engineering is one of the largest cyber attack vectors being used. Your human firewall (your staff) need to be able to identify & defend against attempted attacks to protect the company & themselves. Social engineering is a huge part of cyber security. Your I.T team should focus on the technical parts of cyber security & your staff should focus on social engineering threats.

 The APMG swirl device logo is a trademark of The APM Group Ltd. Use of this trademark on this with website has been authorised solely for marketing purposes. All rights reserved.

Related Content

Maersk Incident Response

Maersk Incident Response

Updated May 2022 Fire drills are commonplace. We test the alarms, the evacuation procedures and the fire marshals get to practice their roles. In a cyber attack there can be just as much chaos as with a fire, perhaps even more so. This is why incident response is such...

Are all Insider Threats bad apples?

Are all Insider Threats bad apples?

The "bad apples" argument for insider threats is simply too reductionist. Here is why:  When an intentional insider threat manifests it is a product of a hugely complex and escalating set of circumstances. The argument that they are "just bad people who go around...

3 easy traps your CMT could fall into and how to prevent them

3 easy traps your CMT could fall into and how to prevent them

Your Crisis Management Team, CMT, helps prepare your organisation for an incident and manages the strategic response to any incidents or crisis that occurs. In my experience of running cyber crisis simulations with these teams I see the same issues present themselves...