icon icon

Cybersecurity Workshops – real attack scenarios, NIS2, KSC and AI security (ISO 27001, ISO 42001)

icon

Training process

Training needs analysis

If you have specific requirements regarding the training programme, we will carry out a training needs analysis for you. This will guide us on which aspects of the programme should receive greater emphasis, so that the training programme meets your specific needs.

What will you gain?

icon

Recognize real threats - You will learn how to tell phishing, ransomware, and supply chain attacks from routine operational issues, so you can spot warning signs earlier and respond before damage escalates.

icon

Respond effectively to incidents - You will practice what to do in the first hours after an incident is detected, who to notify, and how to limit the impact of an attack without making the situation worse.

icon

Protect accounts and identity - You will understand how account takeovers, password leaks, and MFA bypass happen, so you can better protect your credentials, devices, and access to company systems.

icon

Use AI safely at work - You will learn how to use AI tools without exposing sensitive data, how to spot prompt injection and LLM-specific risks, and how to avoid common mistakes in everyday work with generative AI.

icon

Understand NIS2 and KSC duties - You will get a clear view of the key obligations under NIS2 and the National Cybersecurity System, making it easier to understand what your organization expects from you in practice.

icon

Make standards-based decisions - You will see how ISO 27001 and ISO 42001 structure IT and AI security, helping you make better decisions about data, processes, risks, and responsibilities across the organization.

icon

Resist social engineering - You will learn the manipulation techniques used by attackers, including spear phishing, pretexting, and deepfakes, so you can detect influence attempts before sharing data or taking risky action.

icon

Leave with practical actions - You will finish the training with concrete quick wins, checklists, and recommendations based on realistic scenarios that you can apply immediately in your team or organization.

Training programme

1. Introduction to contemporary threats

  • current threat landscape (phishing, ransomware, supply chain attacks),
  • the most common mistakes of users and organizations,
  • the role of the employee and staff in the security system,
  • the connection of cybersecurity with the use of AI.

2. Attack scenarios – practical workshop

  • phishing attack simulation (message analysis, threat identification),
  • account takeover scenario (passwords, MFA, data leaks),
  • introduction to a ransomware attack – course and consequences,
  • incident analysis step by step (vector → escalation → consequences),
  • organization's response – what to do in the first hours.

3. Social engineering and attacks on the user

  • manipulation techniques used by attackers,
  • spear phishing and pretexting attacks,
  • use of AI in attacks (deepfake, content generation),
  • good practices and habits limiting risk.

4. Regulations and obligations of the organization

  • key assumptions of NIS2,
  • requirements of the National Cybersecurity System,
  • incident reporting obligations,
  • responsibility of the organization and management staff,
  • consequences of non-compliance.

5. IT and AI Security – standards and a systemic approach

  • introduction to ISO 27001,
  • basics of ISO 42001,
  • how standards support compliance with regulations,
  • examples of security controls in practice.

6. AI Security in the Organization

  • main risks related to the use of AI (LLM, data, prompt injection),
  • safe use of AI tools at work,
  • data protection in the context of AI,
  • introduction to AI governance.

7. Incident response and good practices

  • incident response procedures,
  • roles and responsibilities in the organization,
  • communication in a crisis situation,
  • security checklists for employees and managers.

8. Summary workshop

  • analysis of a case tailored to the participants,
  • identification of gaps in the organization's security,
  • development of recommendations for actions,
  • key conclusions and quick wins for implementation.

What are the prerequisites for participating in the training?

icon

Basic digital skills - You should be comfortable using email, a web browser, files, and messaging tools so you can follow the attack scenarios and practical exercises discussed during the workshop.

icon

Familiarity with your work setup - You should understand how accounts, passwords, MFA, documents, and online tools are used in your organization, because the training refers to everyday work situations.

icon

Basic security awareness - You should know core terms such as phishing, password, incident, and sensitive data so you can actively take part in case analysis and group discussion during the training.

icon

Readiness for workshop exercises - You should be willing to analyze sample messages, incidents, and AI-related risks and join the discussion, because the training is built around practical scenarios.