Awareness · Domain 02/10

Security Awareness & Training

Change human behaviour at scale. A genuine unfair advantage if you already make TikToks.

No code required⏱ 6–12 monthsRemote Media transfer

01 · A realistic Tuesday

What the day actually looks like.

Change human behaviour so people don't click bad links or DM passwords. Tuesday: review last week's phishing-simulation results in KnowBe4 / Hoxhunt; record a 90-second TikTok-style explainer on MFA fatigue and post to Slack; script next month's onboarding video; design a phishing campaign for AP staff; build the quarterly metrics deck (click rate, report rate, time-to-report).

02 · Who hires

Where the work lives.

KnowBe4ProofpointHoxhuntCofenseLiving SecurityHook SecurityCybSafeMimecastInfosec Institute

03 · Skills

What you actually need.

Technical

Awareness platforms (KnowBe4 most common)
Phishing simulation metrics
NIST SP 800-50 Rev. 1 / ISO 27001 Annex A.7.2.2
Basic LMS (Workday Learning, Cornerstone, Docebo)transferable
Same muscle as managing a YouTube channel.

Soft

Microlearning video creationtransferable
TikTok content creation, retitled with budget.
Editing (CapCut / Premiere)transferable
All training content is edited content.
E-learning module scriptingtransferable
YouTube scripting — same instincts.
Programme managementtransferable
You're producing again, this time in compliance.
Audience analyticstransferable
Click-rate and report-rate are your retention curve.

04 · Career ladder

The shape of the journey.

1
Awareness Coordinator0–1 yr
2
Awareness Specialist1–3 yr
3
Senior Specialist / Human Risk Analyst3–6 yr
4
Awareness Manager5–9 yr
5
Head of Security Culture8–14 yr
6
CISO track12–20 yr

6–12 monthsto break in

36121824

Note. Times reflect typical paths for someone with strong communication and 10–15 hrs/week of focused study.

05 · Salary explorer

What it pays.

Ranges are directional. Currency: USD · annual. Last updated: 2025.

06 · Certifications

The cert sequence that won't bankrupt you.

ISC2 CC

ISC2

Free via 1MCC. Cyber vocabulary baseline.

Free starter

Free

Security+

CompTIA

Often a hiring screen even for non-technical roles.

Recommended

$425 · ₦638k

SANS LDR433 / SSAP

SANS

Gold standard. Get via SANS Work-Study or CyberSafe CyberGirls+ — never self-fund.

Eventually needed

$7500 · ₦11250k

ATD Master Trainer or Coursera Instructional Design

ATD / Coursera

Adult-learning credentials carry weight if you're new to training.

Nice-to-have

$200 · ₦300k

CISM

ISACA

Take at manager level.

Nice-to-have

$760 · ₦1140k

07 · Remote-friendliness

Working from Lagos, Abuja, or anywhere.

5/5

Awareness vendors actively want diverse global content creators. KnowBe4, Hoxhunt, and CybSafe regularly hire EMEA-based remote staff.

08 · Trade-offs

The good, the gritty, and who this suits.

Pros

+Extreme overlap with creative skills.
+Lower cert barrier than most cyber roles.
+Visible portfolio work — every campaign is a piece of your CV.

Cons

−Salaries plateau lower than technical specialisations.
−Can be ROI-questioned in downturns — measure everything.

Personality fit

If you can hold attention for 90 seconds about anything, you can teach 5,000 employees not to click the link.

09 · Watch this

Three to five hours that beat any cert.

Managing Human Risk

SANS Institute

Why watch. Lance Spitzner — the field's clearest thinker on changing behaviour at scale.

Managing Human Cyber Risk

ITSPmagazine

Why watch. Long-form Spitzner conversation on the redefining cybersecurity podcast.

Security Awareness Metrics — Measuring Change in Human Behavior

SANS

Why watch. How to prove the programme works, in numbers.

How to Become Security Awareness and Training Specialist

Career Crucible

Why watch. Realistic entry path.

10 · Next step for this path

Do this by Friday.

This week: post a 60-second explainer of MFA fatigue on TikTok or LinkedIn. Tag KnowBe4, Hoxhunt, and CybSafe in the caption. That's one line on your CV by Friday.