ServicesAwareness Programs
Managed Service

Many organizations have training content.
Fewer have a program.

Tiamat Awareness Programs help you design, launch, and operate a repeatable cybersecurity awareness and training program — with the governance, reinforcement cadence, and evidence model needed to keep it running year after year.

Service Options

Choose the level of support you need

From a focused design sprint to fully managed operations — every engagement follows the same proven methodology.

Best for starting from scratch

Program Design Sprint

Annual program design, role matrix, framework crosswalk, evidence model, and implementation roadmap. You get a complete program blueprint in weeks, not months.

Ideal for organizations resetting after a failed audit or building their first formal program.

MOST POPULAR
Best for teams that need it run

Managed Annual Program

Program design and launch, monthly reinforcement, completion monitoring, quarterly reviews, and evidence maintenance — fully managed so your team can focus on their day jobs.

The most popular option. We build it, run it, and prove it's working.

Best for complex environments

Virtual Program Manager

Operational ownership, stakeholder coordination, escalation tracking, audit support, and annual improvement planning. A dedicated program manager who knows your frameworks, your people, and your audit calendar.

For regulated industries and organizations with multiple frameworks or stakeholder groups.

What You Receive

A complete operating model for security awareness

Program Design & Governance

  • Program charter and governance structure
  • Annual security awareness and training plan
  • Training audience inventory and role-based learning matrix
  • Onboarding and refresher requirements

Operations & Reinforcement

  • Monthly reinforcement calendar
  • Phishing and social engineering reinforcement strategy
  • Policy acknowledgment structure
  • Completion monitoring, reminders, and remediation

Evidence & Reporting

  • Metrics dashboard and leadership reporting
  • Audit-ready evidence package
  • Annual review and next-cycle recommendations
Our Methodology

Discover. Design. Launch. Reinforce. Prove.

Every engagement follows the same proven five-phase cycle — from discovery through evidence review and annual improvement.

01 — Discover
Identify applicable frameworks, in-scope user populations, audit pain points, current tools, and the most common human-risk patterns in your environment.
02 — Design
Create the governance model, annual program plan, role-based learning paths, framework crosswalk, and evidence collection model.
03 — Launch
Deploy baseline awareness training, role-based assignments, policy acknowledgments, automated reminders, and reporting workflows.
04 — Reinforce
Run SSSC micro-assessments daily, rotate monthly awareness themes, execute phishing reinforcement campaigns, and deliver targeted retraining where performance data shows gaps.
05 — Prove
Review program metrics, validate evidence against framework requirements, support auditors and assessors directly, and update the program plan for the next annual cycle.
Why It Works

Built for how programs actually operate

Continuous, not annual-only

Awareness does not spike once and hold. The method keeps learning active across the full year through daily micro-assessments, monthly themes, and quarterly reviews.

Framework-aware, not fragmented

Instead of running separate efforts for CMMC 2.0, ISO/IEC 27001, NIST RMF, and PCI DSS, the method uses one master program with a mapping layer that covers all of them.

Operational, not just educational

A working program needs owners, cadences, records, remediation, and reporting — not just training content. The methodology defines who does what, when, and how it gets documented.

Built for evidence

Records, reporting, remediation, and reviews are part of the program design from day one — not an afterthought assembled under deadline pressure at audit time.

Who This Is For

Built for organizations with real compliance obligations

Organizations preparing for or maintaining CMMC 2.0 certification

Businesses aligning with ISO/IEC 27001

Teams working under NIST RMF or NIST SP 800-171 requirements

Merchants or service providers addressing PCI DSS obligations

Companies responding to recurring customer security questionnaires

Organizations that have training content but no formal program structure behind it

Get Started

Need more than annual awareness training?

Tiamat helps you build and run a continuous security program with the structure, reinforcement, and evidence your auditors and customers expect.

Book a Program Design Session →Take the Free Assessment