A security awareness program. Built for your company.

    10 quick questions. 5 minutes. 10-section program. Free.

    We use your email to identify your company and send you the report. Nothing is emailed to your team.

    Standards-aligned
    • NIST CSF 2.0
    • CIS Control 14
    • ISO/IEC 27002 6.3

    Table of Contents

    10 sections, your program. Built from your real surface, not a template.

    1. Cover

       Company, generation timestamp, scope of the program.

    2. Executive Brief

       One-line summary, three findings, three first actions, and what leadership will have by Week 12.

    3. Situations & Priority Teams

       4–5 defensive scenarios anchored to your real public surface, with the teams each one targets and why.

    4. Evidence & Readiness

       The signals we built the report from, plus an 8-dimension readiness snapshot with status, finding, and next action. No fake-precision scores.

    5. 90-Day Roadmap

       Four phases with DIY effort vs. NexGuards effort spelled out, plus a 5-item pre-launch checklist.

    6. Week-by-Week Plan

       Twelve weeks of email, SMS, voice, and meeting-invite simulations with capability badges and the audience for each.

    7. Measurement Plan

       Five behaviour metrics with what each one tells you, how to act on it, and where to drive the number.

    8. What This Replaces

       Side-by-side vs. traditional awareness platforms. The shape of the difference, in one comparison.

    9. Run with NexGuards

       If you'd rather not run it yourself: the capabilities NexGuards brings to operate the program end-to-end.

    10. Standards & Safe Sim

       NIST CSF 2.0 / CIS Control 14 / ISO 27002 6.3 alignment plus safe-simulation principles, in one footer.

    Live excerpt · Section 03 / 10

    One situation your program prepares for. Yours will read like this. Grounded in your real public surface.

    Situation · SIT-01 · 8+ public CFO appearances; AP 4h urgent-wire SLA

    Coordinated CFO impersonation with AI voice across email and phone

    Why it matters

    An email + AI voicemail combo can authorize an out-of-band wire faster than verification catches it. Voice models trained on public earnings calls and conference panels are indistinguishable from the real CFO to anyone outside the executive team.

    Behavior to train

    Any out-of-band wire request from an executive triggers a passphrase challenge or live video confirmation, regardless of caller-ID. No exceptions for 'this once, it's urgent'.

    Why it's plausible here

    Acme's CFO has 8+ recorded appearances on YouTube and podcasts in the last 18 months, more than enough audio for any open-source voice model. AP processes wire requests flagged 'urgent, close of quarter' within a 4-hour SLA, leaving little time for verification once the request lands.

    Voice sim · AI-personalized · Microlesson
    Live excerpt · Section 04c / 10

    The teams the program weights highest. Priority groups, not made-up department scores.

    1. Finance & Procurement
       High
       Vendor / payment fraud
       Out-of-band verification simulation, week 6
    2. IT / Helpdesk
       High
       MFA-reset social engineering
       Vishing identity-proofing test, week 8
    3. Executives & Assistants
       High
       Wire-transfer impersonation
       Deepfake-aware verification protocol, week 9
    4. Engineering & Product
       Medium
       Credential / session theft
       AiTM phishing + hardware-key MFA awareness, week 7
    5. Sales / Customer Support
       Medium
       Lookalike-domain inbound lures
       Customer-impersonation simulation, week 5

    Sample shown · full report covers every priority group with main risk and program focus

    How it's built

    Three steps. No call required.

    1. Signals collected

       Public OSINT, your domain's email-auth posture, your hiring footprint, your tech stack, plus a 60-second adaptive questionnaire to fill in what only you know.

    2. Mapped to standards

       Findings cross-walked to NIST CSF 2.0 (PR.AT), CIS Control 14, and ISO/IEC 27002:2022 Control 6.3. Same language your auditor uses.

    3. Compiled into 10 sections

       A defensive playbook tailored to your real surface, with status labels (not fake-precision scores), a 12-week calendar, and a measurement plan. Delivered as both a web report and a PDF.

    Build mine.

    Drop your work email. The dossier lands in your inbox in about three minutes. No call. No credit card. Delete anytime.

    Common questions

    Need something we haven't covered? Talk to a real human.

    Yes. The full 90-day program (10 sections, web view and PDF) is free with no credit card. Security leaders who get value from the program sometimes return for our managed delivery service; that's the business model.

    No. Generating a program does not send any emails, simulations, or notifications to your team. Only you receive the report. Nothing is dispatched to your employees, your IT team, or anyone else at your company. The simulations described in the report are blueprints only; they run if and when you explicitly choose to launch them with NexGuards.

    We use the domain to identify your company and to email you the report when it's ready. We don't sell your email to third parties.

    Every situation is anchored to a specific public signal we cite. Dimensions we can't see from outside (helpdesk protocols, MFA coverage) are marked 'Needs validation' rather than scored. This is a strong starting point, not a substitute for an internal risk assessment.

    Public ones only: your domain's email authentication records, your public website, your LinkedIn company page, public news, and public job posts. Nothing internal, nothing scraped beyond what is already publicly indexed.

    NIST CSF 2.0 (PR.AT category), CIS Control 14, and ISO/IEC 27002:2022 Control 6.3. Citations are at the subcontrol level and tied to specific weeks of the calendar. This is alignment, not certification.

    Yes. Every report has a public share link you can send to your board, auditor, or CFO.