Social engineering has proved to be one of the most prolific & effective means of attacking organisations of all sizes.  It is an attack vector that is growing rapidly.  Your staff need to be able to identify & defend against attempted attacks.  Your I.T team should focus on the more technical elements of security & the rest of your staff should focus on social engineering threats.

"Social Engineering: Manipulating people into carrying out specific actions or divulging information that is of use to an attacker"- NCSC

This face-to-face GCHQ certified course equips your staff with the skills to identify & combat social engineering attacks such as not clicking malicious links or opening phishing emails.  We follow nationally set standards and best practice to ensure you get the best awareness training possible for your staff.

Course Contents


The biggest attack vector. Staff learn how malicious emails are crafted and how to spot them.


Phone based attacks often used to gather intelligence for another attack. Staff learn how to spot & stop this attack.


A physical attack to gain access to your business & data. Staff learn strategies for challenging these attacks.

Counter measures

Staff learn about ways to improve security & create a better security culture within their organisation. They will see the business impact of successful attacks and why reducing your online footprint can be very important.

GDPR: Staff training on information security is a crucial part of risk mitigation under the GDPR. Companies who cannot show measurable compliance risk heavy fines. The ICO states that SMEs should train their staff to be aware of phishing, vishing & impersonation attacks as part of their data protection training.

GCHQ: By having your staff complete GCHQ approved training you can demonstrate a commitment to cyber security to your clients.

FRONTLINE DEFENCE: Staff are the front line of your cyber defences, as much as your firewall & anti-virus.

Course objectives

  • List the different types of social engineering attack, how to identify them & list appropriate countermeasures;
  • Identify assets within the organisation that require protection;
  • Identify relevant threats to assets and exploitable vulnerabilities;
  • Describe the business impact of a risk being realised;
  • Develop information risk management strategies to reduce the risk & explain the importance of security policies and auditing;
  • Explain the importance of auditing the information you put online;
  • Describe the threat landscape and adversarial thinking ; and
  • Explain the importance of encouraging a security culture within an organisation including awareness raising methods.

Why us?

Our course is GCHQ certified which is an industry recognised benchmark for cyber security training quality.

With our background in one of the U.K Police Cyber Crime Units we understand the threat well.


We are subject matter experts who speak at events around the world on cyber security & social engineering.


We provide high quality training that is fun & interactive and managed from start to finish.

I was hugely impressed by the Social Engineering Awareness Course run by Red Goat Cyber Security. It is one of the first courses I’ve encountered where those who attended it have continued to talk about it long afterwards; a sure sign that the key messages imparted by the trainer have stuck. The course was packed full of guidance and tips on how you can make it more difficult for cyber criminals to worm their way into your organisation and its finances, and even our most seasoned information and cyber security professionals found it thought-provoking and informative. This was such a valuable experience in raising awareness of the methods used by cyber criminals that we are looking to repeat the course for different sections of our workforce on a regular basis.

John Stanley MBCI, Risk & Resilience Manager


Benefits of GCHQ certified training

High Quality

Individuals and organisations can easily and quickly identify high quality, relevant training.

Rigorously Assessed

The course materials have been rigorously assessed against the exacting standards of GCHQ.

Quality Checked

The quality of the trainers' delivery and course administration has been quality checked.

IISP Framework

GCHQ Certified Training is based on the industry respected IISP Skills framework.


Social engineering is one of the largest cyber attack vectors being used. Your human firewall (your staff) need to be able to identify & defend against attempted attacks to protect the company & themselves. Social engineering is a huge part of cyber security. Your I.T team should focus on the technical parts of cyber security & your staff should focus on social engineering threats.

They get a certificate of completion of a GCHQ accredited course to evidence their training. This can be used to demonstrate your commitment to cyber security both to your clients & the ICO under the GDPR.

The course lasts for 4 hours Including the exam. This means your staff don’t miss an entire day off work so the course causes minimal operational disruption.

Alternatively there is a 2 hour, non-GCHQ certified course which has the core elements of the 4 hour course but is not certified by GCHQ.  Contact us for more information.

This awareness level course is for all company staff and has been designed to be practical and easily understood by anyone.

GCHQ is one of the three UK intelligence agencies, along with MI5 and the Secret Intelligence Service (MI6). With the abundance of cyber security training courses on offer it can be difficult for customers to identify highly competent trainers and good quality courses. GCHQ Certified Training (GCT) addresses this issue- providing customers with a choice of rigorously assessed training providers, thus they can feel confident they’ll receive training that is consistent with industry best practice. 

The APMG swirl device logo is a trademark of The APM Group Ltd. Use of this trademark on this with website  has been authorised solely for marketing purposes. All rights reserved.