Most people don’t remember the last cybersecurity awareness video they watched. Not because it was bad, but because it was forgettable. Which is also bad, but it sounds less malevolent. A beige slideshow with a monotone voiceover. Someone getting phished because they clicked a link that might as well have said “click here to have your identity and money stolen”.

There’s the problem. Too much training feels like homework - boring, easy homework at that (basically busy work) - which means end users don’t remember it. And if they don’t remember it, their behaviour doesn’t change. Which is supposed to be the whole point of cybersecurity awareness training in the first place, rather than keeping insurance companies and regulators happy.

For MSPs, this becomes even more painful. You’re judged on your ability to reduce risk for dozens of clients at once. If the content is dull, you get the angry phone call when Kevin clicks on a fake invoice that looks like it has been designed in Microsoft Paint.

So, the challenge is simple. Training must be engaging enough that users actually take part and short enough that they don’t fight it. It has to create learning moments rather than frustration and brain fog.

You want training that makes people say “We’re loving Phin and the set-it-and-forget-it nature of the platform. Our end-users really enjoy the training content.” Or, you know, something like that. That was a direct quote from Steve Sherwood of Lucidity, a Phin partner since 2023 - Hi, Steve!

Compliance is important. Cyber insurance requirements are important. Auditors who raise their eyebrows as they sigh at you over their clipboards are important, in their own way.

But compliance is only one layer of protection. The real metric that matters is whether users behave differently after training. Do they slow down before clicking? Do they spot the weird grammar in a phishing email? Do they question the CEO who suddenly messages them about gift cards or an urgent job?

Behavioral change is the key. You get there with content that teaches something useful in a way that sticks.

6 Security Awareness Training Content Providers that will Change User Behavior

That brings us to the six providers who supply all training inside Phin. Oh yeah, we don’t make all our own content - we curate the best content from the best providers. You can see them here. They are different in style, topic, and general *vibes*, but all share one thing. They care about helping users learn something, not punishing them with a 45-minute lecture on passwords.

Here is the lineup. No particular order; if anyone from the below organizations is reading this, we’ll happily put you top in exchange for a box of donuts to Phin HQ.

1. NINJIO

Fast paced, dramatic, and built for people with the attention span of a heavily caffeinated baboon.

Ninjio tells cybersecurity stories using high quality animation with a new episode every month. Think mini episodes that feel like something you might accidentally binge until Netflix shames you by asking whether you’re still watching for the fifth time.

What they cover: Phishing, social media, information security, passwords, remote working, device security, and more.

Why users like it: Episodes are short and engaging. You learn something without feeling lectured. The story sticks in your head, which means the lesson does too. Like Sesame Street for grown ups.

2. SocialProof Security

People focused, behaviourally smart, and built on real psychology.

Co-founded by white-hat hacker/educator Rachel Tobac, SocialProof Security specializes in social engineering and human risk. Their videos use real world stories to show how attackers manipulate trust, emotion and urgency. They also teach through talks and workshops. And the best part? You’ll be taught by talent from Hamilton, MTV, American Idol, and TikTok.

What they cover: Social engineering (this is their main focus), phishing, ransomware/malware, passwords, social media, social engineering, MFA.

Why users like it: It feels modern, real and believable. The content - and subsequently the lesson - sticks because it’s based on how people actually behave rather than abstract textbook theory.

3. Goldphish

Bright, animated and perfect for global teams.

Goldphish is NCSC-accredited and uses friendly animated characters (like you might see in webcomics like Cyanide and Happiness) and bite-sized lessons that simplify complex topics. It is especially strong for teams who prefer visual storytelling and need multiple formats, like video, interactive scroll throughs, and micro modules.

What they cover: Passwords, phishing, malware, data privacy, secure browsing, physical security, USB risks, and plenty of other fundamentals.

Why users like it: Easy to grasp and easy to remember. Nothing feels intimidating. It strikes the balance between helpful and fun - which, obviously, we at Phin wholeheartedly approve of. Fun, helpful bunch that we are.

4. CFISA

Straightforward, clear, and ideal for policy based organizations.

CFISA’s content is clean and direct. No fluff or theatrics. Simple guidance that helps end users understand what to do and why. This is especially good for organizations that want to reinforce compliance with company rules and it’s certified to meet NIST-800 53 standards by the State of Texas.

What they cover: Compliance, privacy, data protection, security fundamentals, phishing awareness and incident reporting.

Why users like it: It feels practical and reassuring. It is great for users who want calm, structured training that gets straight to the point.

5. OWASP

Developer heavy, deeply technical, and essential for anyone touching code.

OWASP brings technical accuracy to topics that developers, software teams and product engineers deal with daily. These lessons dig into vulnerabilities and secure coding practices in a way that normal training often avoids. Like a cybersecurity Wikipedia, OWASP Foundation relies on volunteers and is available to all. There’s a LOT of content, so Phin’s job is to give you and your clients the best, most applicable stuff.

What they cover: What don’t they cover?! There are units on the top 10 vulnerabilities including API security, secure coding, injection attacks, access control failures, and other engineering focused elements.

Why users like it: It is clear, authoritative and respects the audience’s technical skill. Developers get the depth they actually need, not a high level summary.

6. Habitu8

Real people, real stories, and real humor.

Part of Arctic Wolf since 2021, Habitu8 blends live action and animation into short, relatable training moments with high production values - they compare themselves to the big boys of film and television in terms of production quality, and it’s easy to see why.

What they cover: Password hygiene, phishing, physical security, device security, mobile threats, secure browsing.

Why users like it: It feels modern and fast. Users come away thinking about the concept rather than the video itself, which is the ideal result.

What all six providers have in common

High-value training, created by experts in their own lane.

Each provider has its own production style. Animation. Live action. Real stories. Technical depth. Behavioral science. Whatever the style, the goal stays the same. Help users recognize threats quickly and act safely.

This variety is why Phin doesn’t create content in-house. There’s no point trying to out-animate Ninjio or out-psychology SocialProof Security. Instead, Phin curates the best from multiple partners so MSPs can deliver consistent training that evolves with the threat landscape and ensures that there really is something to suit any clients you might get. Whatever their initial level of understanding, their preferred method of learning, or their sense of humor - Phin has content that’s fit for purpose.

6 Reasons MSP’s Love Training with Phin Security

1. Content variety without the burden of managing content

Most cybersecurity awareness tools give you a small library that loops every year. End users groan because they have seen it before. MSPs groan because they have to manage it. Compliance teams groan because it is the same old stuff. We groan because we know we could make it so much better for everyone involved.

Phin solves this with scale and automation.

2. No repeated content for 15 years

Between six providers, dozens of topics, and constant new releases, you can train every month for more than a decade without repeating anything (although you might want to repeat a few bits, there’s some great stuff).

3. Short training by default

Ninety percent of the entire library takes five minutes or less. Users actually complete it. MSPs get higher compliance rates. No one complains about losing half their morning to a video.

4. Built to change behavior, not tick a box

The variety of tone, format, style, and approach means every user finds something that resonates, because different brains latch onto different things. Want an example of this leading to actual behavioral change?

One of our MSP partners, Simplex IT, had a client who handled credit card information. So, naturally Simplex IT ticked that box in the onboarding process. Phin’s automated campaigns provided PCI DSS training, and after completing the training, the company immediately reached out to their bank to find a solution for collecting credit card information in a more secure manner. They immediately implemented a new payment process. A big win for Simplex IT, and all they had to do was tick a box.

5. Aligned with cyber insurance requirements

Short training delivered monthly helps users stay aware and helps you demonstrate continuous education. That matters for insurers who want to see proof that you’re actively reducing human risk.

6. Designed for MSPs

Auto enrollment. Auto resetting. Auto reporting. Auto everything. When you don’t have to manage campaigns manually, you save hours every month and reduce human error. As Integris put it - “Phin has saved us 70 hours monthly on SAT deployment and management.” They’ve been partners since 2022, so that is a huge amount of time saved so far.

Next Steps for your MSP

Want a deeper dive into Phin’s content library? Start a free trial or book a call! You will see why MSPs stick with Phin for the long haul.