March 14, 2026

How to Run Security Awareness Training in Slack

Learn how to deliver security awareness training in Slack using micro-lessons, quizzes, and automated reminders. A step-by-step guide to building a program your team will actually complete.

Most security awareness training fails before it starts. Employees receive an email linking to a video portal, click through a 45-minute module as fast as possible, answer a few multiple-choice questions, and forget everything within a week. Completion rates for traditional security training hover around 50-60%, and retention is even worse. Organizations check a compliance box once a year and hope for the best.

The problem isn't that people don't care about security. It's that the training is disconnected from where they actually work. Security awareness training in Slack changes that equation. Instead of pulling people out of their workflow and into a separate platform, you deliver training directly in the tool they already have open eight hours a day. Short lessons arrive on a schedule, quizzes reinforce key concepts, and managers can track completion without chasing anyone down.

Why Slack-based security training works

Traditional security training fights for attention against every other tab, notification, and meeting on someone's calendar. Slack-based training sidesteps that competition entirely because it lives inside the communication tool your team already relies on.

High visibility. Messages in Slack don't get buried the way training portal emails do. When a lesson appears in a channel or DM, it's part of the natural flow of the workday. People see it alongside project updates and team conversations, not in a forgotten browser tab.

Asynchronous by default. Not everyone works the same hours, especially on distributed teams. Slack-based training lets people complete lessons when it fits their schedule. A developer in London and a designer in San Francisco can both finish the same module without coordinating time zones or booking a conference room.

Fits into the flow of work. The concept of microlearning is built on research showing that short, focused lessons outperform long training sessions for knowledge retention. A two-minute read on phishing red flags, followed by a quick quiz, is more effective than a 60-minute video watched once a year.

Reinforcement through repetition. Security training isn't a one-time event. Threats evolve, and so should your team's awareness. Slack makes it easy to deliver recurring lessons on a quarterly or monthly cadence, reinforcing critical topics throughout the year rather than cramming them into a single annual session.

What to cover in security awareness training

A strong security awareness program covers the threats your team is most likely to encounter. Here are the core topics every program should address.

Phishing and email security

Phishing remains the leading cause of data breaches. According to the 2024 Verizon Data Breach Investigations Report, phishing is involved in over 15% of all breaches, and the median time for a user to click a malicious link is under 60 seconds. Training should teach employees how to identify suspicious emails, verify sender addresses, spot malicious links, and report phishing attempts. Include real-world examples of phishing emails that have targeted companies in your industry.

Social engineering

Phishing is one type of social engineering, but it's not the only one. Cover pretexting (fabricated scenarios to extract information), baiting (leaving infected USB drives or files), tailgating (following authorized personnel into secure areas), and vishing (phone-based social engineering). Employees need to understand that attackers target human behavior, not just technical systems.

Password hygiene and authentication

Cover the basics: unique passwords for every account, minimum length and complexity requirements, and why password reuse is dangerous. Introduce password managers as a practical tool, and explain multi-factor authentication (MFA), including why SMS-based MFA is weaker than authenticator apps or hardware keys.

Data handling and classification

Employees should know how to handle sensitive data, including customer PII, financial records, and intellectual property. Cover your organization's data classification levels, acceptable storage locations, sharing policies, and what to do if data is accidentally exposed.

Physical security

Remote work hasn't eliminated physical security risks. Cover screen locking, clean desk policies, secure disposal of printed documents, and awareness of shoulder surfing in public spaces. For office-based teams, include visitor policies and badge access protocols.

Incident reporting

Even the best-trained team will encounter suspicious activity. Make sure everyone knows exactly how to report a potential security incident: who to contact, what information to include, and what the response timeline looks like. The faster incidents are reported, the faster your security team can respond.

How to build a security awareness program in Slack with Doozy

Doozy's Tracks feature lets you create structured training sequences delivered directly in Slack. Combined with AI-generated quizzes, automated reminders, and completion tracking, you can build a complete security awareness program without a separate LMS.

Step 1: Map your security topics to a training schedule

Start by listing the topics you need to cover (use the list above as a starting point) and assign them to a quarterly cadence. For example:

  • Q1: Phishing and email security, password hygiene
  • Q2: Social engineering, incident reporting
  • Q3: Data handling and classification, physical security
  • Q4: Annual review covering all topics, plus emerging threats

This gives your team regular exposure to security concepts throughout the year rather than a single overwhelming session. If your industry has specific compliance requirements (like SOC 2), map those requirements to the relevant quarters.

Step 2: Create a Track for each training cycle

In Doozy, create a new Track for each quarter's training. Name it clearly, such as "Q1 2026: Phishing & Password Security," so employees and admins can identify it at a glance.

Choose your delivery channel. You can send Tracks to a dedicated #security-training channel for visibility, or deliver them as DMs for a more focused experience. DMs tend to have higher completion rates because the content feels directed at the individual.

Set the schedule for when messages should be delivered. Spacing lessons two to three days apart gives people time to absorb each topic without feeling overwhelmed.

Step 3: Write micro-lessons as Track messages

Each message in your Track is a self-contained micro-lesson. Keep them short: two to three minutes of reading time is the sweet spot. Structure each lesson with:

  • A clear topic heading
  • A brief explanation of the threat or concept
  • One or two real-world examples
  • A specific action the reader should take

For example, a phishing lesson might open with a statistic about phishing prevalence, describe three common phishing techniques with example screenshots, and close with a checklist for verifying suspicious emails.

Write in plain language. Avoid jargon and acronyms unless you define them. The goal is comprehension, not showcasing your security team's expertise.

Step 4: Add AI-generated quizzes to test comprehension

After each lesson (or group of related lessons), add a quiz to test whether the material stuck. Doozy's AI quiz generation can create questions based on your lesson content, saving you the work of writing them from scratch.

Effective security training quizzes should include:

  • Scenario-based questions ("You receive an email from your CEO asking you to wire funds urgently. What should you do?")
  • Identification questions ("Which of these URLs is a phishing attempt?")
  • Process questions ("What is the first step when you suspect a security incident?")

Mix question formats to keep the experience engaging. Multiple choice works well for knowledge checks, while true/false questions can address common misconceptions.

Step 5: Configure auto-reminders for incomplete training

The single biggest advantage of running security training through Doozy is automated follow-up. Configure reminders so that employees who haven't completed their lessons or quizzes receive a nudge after a set period.

This eliminates the most tedious part of security training administration: chasing people down. Instead of managers sending weekly reminder emails, the system handles it automatically. HR and security teams can focus on content quality rather than logistics.

Example security awareness training Track

Here's what a realistic Q1 security awareness Track might look like, delivered over two weeks:

Week 1: Phishing and email security

Day | Content | Type
Monday | Lesson: "What is phishing and why it works" | Micro-lesson (2 min read)
Wednesday | Lesson: "How to spot a phishing email: 5 red flags" | Micro-lesson (3 min read)
Friday | Quiz: Phishing identification (6 questions) | Knowledge check

Week 2: Password security and authentication

Day | Content | Type
Monday | Lesson: "Why password reuse is your biggest risk" | Micro-lesson (2 min read)
Wednesday | Lesson: "Setting up MFA and using a password manager" | Micro-lesson (3 min read)
Friday | Quiz: Password hygiene and MFA (5 questions) | Knowledge check

Week 3: Review and assessment

Day | Content | Type
Monday | Combined assessment: All Q1 topics (10 questions) | Final quiz
Wednesday | Auto-reminders sent to anyone who hasn't completed the Track | Automated

This structure delivers six lessons and three quizzes over three weeks, requiring roughly 20 minutes of total employee time. Compare that to a two-hour annual training session with a fraction of the retention.

Tracking completion and reporting

Running training is only half the job. You also need to prove that people completed it, especially if security awareness training is tied to compliance requirements.

Doozy's admin dashboard gives you visibility into:

  • Completion rates: See what percentage of your team has finished each Track, broken down by individual. Identify who's completed all lessons versus who's fallen behind.
  • Quiz scores: View individual and aggregate quiz results. Spot topics where your team scores well and areas that need reinforcement.
  • Time to completion: Track how quickly employees finish their training after it's assigned. This helps you determine whether your delivery schedule is realistic.

For audit purposes, you can export completion data showing who finished which training, when they completed it, and what scores they achieved. This documentation is essential for frameworks like SOC 2, HIPAA, and ISO 27001 that require evidence of security awareness training. If your team uses a GRC platform like Vanta, Drata, or Sprinto for compliance automation, structured training records from Doozy integrate cleanly into your evidence collection workflow.

If you're building a broader compliance program, the compliance training tracking guide covers how to set up reporting across multiple training types.

Tips for ongoing security training

Security awareness isn't a project with a finish line. It's an ongoing program that needs to evolve alongside the threat landscape. Here's how to keep it effective over time.

Update content quarterly

Review your training content every quarter and update it with current examples. If a major phishing campaign targeted your industry last month, incorporate it into your next lesson. Real, recent examples are far more compelling than generic scenarios from three years ago.

Use real incidents (anonymized) as teaching moments

When your organization experiences a security event, even a near-miss, turn it into a training opportunity. An anonymized case study about a phishing email that almost fooled a colleague is more impactful than any hypothetical scenario.

Gamify with quiz leaderboards

Doozy's knowledge checks can include leaderboard functionality that adds a competitive element to training. Teams that see their quiz scores ranked tend to engage more actively with the material. Keep it lighthearted: the goal is engagement, not pressure.

Layer security training with broader learning initiatives

Security awareness works best when it's part of a broader culture of continuous learning. If your team already uses Doozy for onboarding or professional development, security training feels like a natural extension rather than an isolated compliance exercise.

Gather feedback with polls

After each training cycle, send a quick poll asking employees what they found useful, what they already knew, and what topics they'd like covered next. This feedback loop helps you refine future content and signals to your team that their input matters.

Start small, then expand

You don't need to launch a comprehensive program covering every topic on day one. Start with the highest-risk area for your organization (usually phishing), run one Track, review the results, and iterate. A focused program that runs consistently is better than an ambitious one that stalls after launch.

Get started with security awareness training in Slack

Building a security awareness training program doesn't require a six-figure LMS contract or months of setup. With Doozy, you can create your first security training Track in minutes, deliver it directly in Slack, and track completion automatically.

Install Doozy to start building your security awareness program today.