Overview

Problem 

The information security team at SeamlessCargo (name changed for privacy purposes), flagged a recent increase in cybersecurity incidents caused by phishing attacks. SeamlessCargo had recently been hiring a large number of remote employees and management were concerned that addressing the need for cybersecurity awareness with an email campaign may be ineffective. The new hires were already processing a large amount of both role-specific and general company information as they adjusted to their new positions.

 

​

Solution

After analysing the problem, I could see that the company policies were labelled and accessible within a management system however, they were text heavy and time-consuming to navigate. 

 

I proposed an interactive policy library on the company intranet with the following features:
 

1. Clear introduction of policy owners to ensure new hire familiarity with staff network in their remote work situation.
        

2. Ability to integrate a ticketing system that leverages existing digital communication channels already in place to demonstrate a company commitment to an inclusive “open door policy”.
    

3. eLearning that includes a knowledge check and scenario simulation for each Policy and Procedure area (including cybersecurity phishing awareness).
    

4. LMS/LRS functionality to monitor and measure learner progress.

​

​

 

 

 

 

 

 

 

 

 

 

 

 

Design process (specific focus on Phishing Awareness training)

 

Initial research with SMEs

I consulted two subject matter experts (SMEs). 

1. A HR professional who gave me insight into the importance of the new hire onboarding experience. 

2. An experienced information security specialist who worked with me to develop measurable performance goals for Policy and Procedure phishing awareness compliance. 

 

Below, I discuss both interactions separately. 

 

HR Professional - New Hire Onboarding Experience

 

My consultation with my HR SME confirmed my own research. New hire productivity and retention can be increased by more than 70% through good employee onboarding. Failing to take advantage of an opportunity to make necessary compliance training a flexible, easy-to-access experience that promotes inclusion, leads to a poor onboarding experience. This can cause new hires to change their mind about the job – before they even start. Instead of feeling excited, appreciated and confident, new hires feel lost and their minds are full of unanswered questions.

 

IT Specialist - Crafting a Performance Goal Policy and Planning to Measure Progress

​

Following my discussions around Phishing Awareness with this SME, I chose to measure progress of the Phishing Awareness eLearning by monitoring the cybersecurity incident response metrics that feed into the company’s overall security posture.

 

My measurable goal was:

“Phishing cybersecurity incidents will decrease 20% by next year as employees demonstrate use of phishing awareness training in their daily work.”

​

Note: There is room in the structure of this eLearning to incorporate scenarios simulating company specific procedures for other cybersecurity non-compliance concerns. However, given the conceptual nature of this project these scenario simulations were not included in the design.

​

 

Action Map

​

We used an action map to identify the actions required by remote employees to reduce the occurrence of cybersecurity incidents resulting from phishing attacks. 

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

Script / storyboarding (Text-based storyboard)

Once the action map was complete, I began working on a text-based storyboard that incorporates these key actions into a realistic scenario. I chose to craft the main protagonist as an employee responding to a phishing email. I based this choice on adult learning theory which recognises adults as problem solvers, requiring problem-centred learning​. The phishing email features a spoofing scam designed to imitate the identity and domain name of the employee’s boss and Chief Financial Officer.

 

I began the scenario by programming an email analysis that invites the learner to assume the role of the protagonist and analyse the features and warning signs present in a phishing scam. Call to action prompts then lead the learner to determine the best next steps when phishing is identified.

 

Question prompts allow the learner multiple choices in the scenario. When selected, each scenario plays out for the learner to see the consequence of their choice (good or bad). Once the learner is informed of the consequence they are congratulated on their success or prompted to try again.  

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

 

Visual mock-ups

Once the text-based storyboard was revised and finalised, I began creating visual mockups for the scenario in Adobe XD. I created a custom palette and ensured consistency in my font choice and vector design. I used best practice in alignment, proximity, contrast, and typography to ensure the design was visually sound. 

​

​

​

​

​

​

​

​

​

​

​

​

​

 

I chose to use photographs, when representing something specific, like the phishing email scenario in which I had to relay emotions and facial expressions. In other areas I used illustrated vectors, such as in my interactive policy graphic where I used vector illustrations to represent each department area as they are not one specific item but a grouping of knowledge, policies, procedures and the people who curate these.

​

​

Explore the visual mock-up gallery below

​

​

​

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

​

 

 

User Experience (UX)

I consulted my Human Resources SME when planning the user experience of my Policy and Procedure Organisational interactive graphic. I designed this interactive graphic to look like a network organisational structure, complete with professional staff photographs to serve as a visual map for the policy and procedure library. 

 

This design places Corporate Governance in the centre, informing the target audience (new hires) that company mission, vision and values is at the heart of compliance training. With an ability to integrate a ticketing system to place queries, this design is intended make compliance training a people-centred experience.

​

 

 

 

 

 

 

 

 

​

​

​

​

​

​

​

​

​

​

The navigation side bar invites learners (new hires) to engage in eLearning specific to each policy/procedure. This concept requires learners to interact with the policies and procedures in micro-learning chunks over time improving content retention. 

​

Interactive Prototype

I used Articulate Rise 360 to create an interactive prototype using the visual mockups and storyboard to bring the programming to life. I received feedback suggesting I separate the phishing email analysis from the branching scenario to allow the learner time to interact with and analyse the email as if it were an email in their own inbox. 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Full Development

After implementing the changes and feeling content with the look and feel of the triggers and functionality, I commenced full development in Rise 360. I included features such as a navigation side bar to separate content into micro learning sections which offers flexible access and provides learning in small chunks over time improving retention. I enabled a search function as an employee will likely navigate to that feature when searching for information within the company policy and procedure library.

 

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

xAPI implementation and the LMS/LRS

To test my triggers, I exported my eLearning to SCORMCloud, a Software as a Service (SaaS) training delivery platform that hosts eLearning content. 

This allowed me to track:

• How many users completed training.

• Progress status of learners.

• Time learners spent completing the eLearning.

​

​

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Visualisation

I wanted to create a more comprehensive report that would allow me to evaluate my eLearning from multiple angles. I used Watershed, a data visualisation tool, to visualise data such as how long learners paused or hovered over information or the elapsed time between commencing and completing a knowledge check. To achieve this I created an inbound LRS connection using SCORMCloud’s endpoint URL to allow Watershed to access the xAPI statements generated by my users/learners.

 

A feature I liked about Watershed was it automatically pulled in learner interaction data in real time allowing me to monitor the metric dashboard. 

​

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

​

​

​

​

This project allowed me to work with SMEs, managers, and learners to create a not only a scenario-based eLearning experience but a concept-driven eLearning tool. It enabled further growth in my role as a Learning Experience Designer and it tested my project management skillset. 

​