Security Awareness Training Update
Introducing CyberHoot – What to Expect
To help protect our organization from phishing attacks and other email-based threats, we are updating our Security Awareness Training (SAT) program. This document explains what's changing, what to expect, and how to access training.
Why this matters
Phishing emails remain one of the most common ways attackers try to gain access to company systems, data, and accounts. These messages are becoming more convincing every year and often target people—not technology.
Security awareness training helps everyone:
  • Recognize suspicious emails and links
  • Avoid common phishing tactics
  • Know what to do when something doesn't look right
Keeping awareness high across the organization is one of the most effective ways to reduce risk.
What's changing
We are transitioning our Security Awareness Training platform to CyberHoot.
Security awareness training
Interactive lessons designed to build your knowledge and confidence
Phishing simulation exercises
Safe practice spotting suspicious messages in real-world scenarios
Policy acknowledgments
Required policy reviews when assigned by your department
What's different is how the training is delivered. Instead of long, infrequent training sessions, CyberHoot focuses on short, interactive lessons spread out over time, keeping learning manageable and engaging. The goal is to reduce training fatigue while keeping security awareness fresh and relevant.
How phishing simulations work
As part of the program, you may receive simulated phishing emails. These are safe, internal tests designed to help you practice spotting suspicious messages in a real-world setting.
01
Realistic scenarios
Simulations look like actual phishing attempts you might encounter
02
Think before you click
Practice careful review of emails before taking action
03
Learn from feedback
Receive immediate guidance to improve your awareness skills

Watch the video: To better understand how the phishing simulation program works, please watch this short video: How the new phishing simulation program works
When this starts
To avoid repeating training that would not apply to the new year, the rollout will happen in two phases:
1
Before January 1
  • You will receive welcome emails from CyberHoot
  • These emails are legitimate
  • No required training will be due yet
2
After January 1
  • Required training assignments will begin
  • Phishing simulations and awareness activities will start
  • Any required policy acknowledgments will be assigned
3
New users
  • New hires will receive access shortly after onboarding
  • A short window of time will be provided to complete initial training
How to access CyberHoot (no passwords required)
CyberHoot uses a passwordless login system.
  • You do not need to create a username or password
  • Training emails contain secure links that log you in automatically
1
Go to the IT Portal
2
Click the CyberHoot link
Find the CyberHoot access option on the portal
3
Enter your email address
Provide your work email to request access
4
Check your inbox
A new secure login link will be sent to you immediately
This system helps reduce password issues and makes access easier. If you accidentally delete an email or need access again, simply follow these steps.
Reporting and accountability
Training completion is tracked as part of the security program.
Department-level reports
Department heads will receive compliance reports showing training progress
Leadership visibility
Reports help leadership understand awareness levels and reinforce security culture
Regular updates
Reporting will begin within the first month and continue on a regular basis
These reports are designed to support department leaders in ensuring their teams stay current with security training requirements. Tracking completion helps us maintain a strong security posture across the entire organization.
What we need from you
Complete assigned training
Watch for CyberHoot emails and complete assigned items on time. Training is designed to be brief and manageable.
Take simulations seriously
Treat phishing simulations like real emails—slow down and think before clicking. This practice builds real-world skills.
Ask when unsure
If something looks suspicious or you're unsure, contact IT for help. It's always better to ask than to risk a security incident.
Security awareness works best when everyone participates. Your engagement in this program directly contributes to protecting our organization, our data, and our colleagues from cyber threats. Thank you for doing your part to keep us all safe.
Need help?
Visit the IT Portal
Access resources and links at https://aln.support
Contact the IT Helpdesk
Reach out to the IT team if you have questions or concerns about training or access
Report suspicious emails
If you're unsure about an email, it's always better to ask. We're here to help.

Remember: Your vigilance is our best defense. Thank you for your participation in keeping our organization secure.