Where Do I Start?
“I know I need to do some work on developing proactive security behaviours, but I just don’t know where to start…”

We hear this again and again from businesses who find themselves strapped for time, and ideas, when it comes to tackling security awareness with employees.

Interested in booking a ‘Where Do I Start?’ Consultation?

‘Where Do I Start?’ is designed to get your culture change strategy up and running.

Just imagine having an hour with a security culture change expert, dedicated to developing a workable strategy for behavioural change, tailored to your organisation. Well that’s what we’re offering with ‘Where Do I Start?’ We’re not about just offering you theory; we will use the hour to:

Identify and prioritise your human factor risks.

Provide a step-by-step guide to behavioural change related to those risks.

Co-create a workable action plan.

Discuss your time-frame, and review dates.

At the end of the hour’s consultation, the action-plan is yours to take away and implement in your business.

Where Do I Start? Benefits to Your Business

A detailed discussion of the context for security awareness in your business.

A list of the human factor vulnerabilities you are currently facing.

The potential cost to the business of not initiating proactive security behaviours.

A tailored list of best practice behaviours, and measurements, for your business.

A step-by-step plan which you feel confident that you could implement immediately.

A resource pack with ideas, suggestions, and leadership tips to ensure that your initial efforts build momentum and become self-sustaining.

Where Do I Start? Return on Investment

A practical plan for preventative, proactive security which is ongoing.

Identifying and tackling your top ‘human factor’ vulnerabilities.

Switching on your ‘human firewall’

Who Will I Be Speaking To…?

Every member of the Layer 8 team has expertise in cultural change, behavioural change, and security awareness education. We have all worked extensively across a range of sectors with organisations of 50 – 50,000 employees.

Take a look at our Customer Success page for our Case Studies.

How Does ‘Where Do I Start?’ work?

Once you have registered, we will contact you within two working days to arrange an appointment.

We’ll send you a short questionnaire which will allow us to get acquainted with your business before we speak to you, and give you the opportunity to raise specific issues you’d like us to work with you on.

We look forward to starting the conversation with you…

Price: £250 (ex VAT) for an hour long conversation with one of our security culture experts.

Start Here

We Offer a Number of Themed ‘Where Do I Start?’ Conversations:

GDPR is currently on everybody’s mind. Whether your business is just starting to prepare for this new regulation, or you’re already on track to meet the new requirement in 2018, this is a great opportunity to put security culture at the top of the Board’s agenda, and use 25.05.18 as a focus to set new goals for proactive security protection with your advocates/champions network or security team.

Your hour-long consultation will include:

  • Consideration of the benefits of involving employees in the process of preparing for GDPR.
  • Discussion of a range of preparatory activities to ‘put the human back in the data’.
  • Planning for 2018 to ensure that your business is GDPR ready as far as the human factor is concerned.


Creating an effective security culture for your business means that from the moment a new employee starts work, they know that an integral part of their role will be taking responsibility as a proactive security protector of the business’ assets. If this crucial message is absent early on, security will be likely to remain an ‘add-on’ for that employee for as long as they remain with the company.

Your hour-long consultation will include:

  • Creating an induction session that will engage new employees.
  • Working with HR on Induction.
  • Making Induction the start of a process that will continue through their employment.


One of the most successful strategies for engaging employees in cybersecurity issues is the development of a Security Champions, or Security Advocates network. Research suggests that when security communications are supported and enthusiastically communicated by peers, as well as the leadership, they have a far higher success rate than those issued from an anonymous source. Layer 8 has run a number of highly successful Security Champion programmes, and has seen the speed at which an effective and proactive security culture can grow from just a handful of advocates who are committed to spreading the word, changing behaviours, and making the workplace secure.

Your hour-long consultation will include:

  • Strategies for finding your champions who will kick-off the process.
  • Getting buy-in for your Champions network.
  • Champions induction – creating a self-sustaining, powerful network that maintains the security conversation across the business.


What’s the existing security story in your business? Perhaps it’s as simple as “IT does security’, or “Lots of rules that slow me down and a CBT test”. These stories do harm to the business because they make security a bother, and the responsibility of IT. Changing your security story is about creating a compelling narrative that encapsulates what security means – uniquely- to the business. It gives context, content and agency to each of the employees who hear and share it. Stories are ‘sticky’, they’re a natural way of learning, and the invite telling, retelling, and adaptation as the story develops.

Your hour-long consultation will include:

  • The development of your unique security story.
  • Advice on the ways in which your story can be used across the business.
  • Delivery tips for selling your story to a range of listeners – including the board.


According to a new report from Node4, human error is now considered to be the biggest security threat to a business. Whilst the majority of businesses have a security policy, the problem is that around half of employees do not consider themselves ‘cyber-savvy’ and don’t know what responsible security behaviours are. Many security professionals struggle to know how to get employees to understand their responsibilities and translate them into secure behaviours.

Your hour-long consultation will include:

  • Step-by-step introduction to a range of tried and tested methods for getting buy-in from employees.
  • Development of a tactical approach to changing key security behaviours in order to encourage proactive engagement with risk.
  • Creating the framework for a security maturity model which provides a roadmap for all departments, and sets manageable goals on the journey to a proactive workplace.


Why don’t perfectly reasonable rules translate into secure behaviours? This is a question we’re asked by businesses again and again. What if the question needs turning around though; what if rules emerge out of secure behaviours? We have found that rules that follow behaviours are far more likely to be effective, and behaviours are embedded as part of the process leading up to rule-making. Having used it this approach successfully a number of times it has become a structure that can be repeated across a range of different contexts.

Your hour-long consultation will include:

  • Identification of the behaviours that are most important to the risks your business faces.
  • Introduction to a simple five-step process for embedding those behaviours.
  • Creating a framework for collaboration and rule-making within the business.


Have any questions? Contact Us Via 0800 772 0372 or the form below

 Yes add me to the Layer 8 mailing list so I can find out about webinars and security culture developments

Please leave this field empty.

Keeping sharing simple...