APEX

APEX Program

From your most vulnerable employee to your strongest line of defence.

APEX is PeopleShield's advanced cybersecurity awareness and phishing program — built for organisations that understand the difference between a workforce that has completed training and one that is genuinely prepared.

Book an Introductory Discussion See how it works ↓
38%
of cyber incidents start with a phishing attack on a person
6+
interconnected principles that no automated platform can replicate
Every tier
High-risk, standard, and low-risk employees each receive a program designed specifically for them
One goal
A measurable, continuously improving human security culture — not just a compliance certificate
The market problem

Automated platforms produce compliance. Not change.

The security awareness training market is crowded with AI-powered platforms competing on automation, volume, and price. Organisations can complete thousands of simulations, tick the compliance box, and still suffer breaches — because the platform never changed how their people actually think.

Every employee treated identically

Regardless of role, risk level, or learning history — the same simulation goes to everyone.

Failure triggers more of the same

Research shows repeated automated failure increases anxiety and reduces engagement — it does not produce change.

Generic, templated content

Lures and scenarios recycled from a static library — not built from real threats facing your sector right now.

No human support for high-risk individuals

The system cannot distinguish between low digital literacy, high workload, and disengagement. It just sends more training.

Dashboard data, not governance narrative

Click rates and completion percentages tell you what happened — not what it means or what to do about it.

Adversarial culture

Employees feel surveilled and tested. Programs deployed without preparation generate resentment, not engagement.

Educational science is clear: knowledge acquisition alone does not produce lasting behaviour change in high-stakes environments. Behaviour change requires motivation, confidence, opportunity, and reinforcement — none of which an automated platform can reliably deliver for every individual.

How APEX works

Six interconnected principles. Built as one program.

APEX is not a platform with a consultant bolted on. It is a fundamentally different model — six principles working together to produce what no automated alternative can deliver: measurable, lasting behaviour change across your entire workforce.

01

Intelligence-driven curriculum

Training content is built from live threat intelligence specific to your sector — sector feeds, government advisories, global threat reports, client-provided telemetry, and identity exposure datasets. Your people are trained on what is being used against organisations like yours right now.

02

Risk-tiered human security model

Every employee is assessed and placed into one of three dynamic risk tiers — updated continuously as behaviour changes. The program responds to each individual's actual profile, not a fixed assumption about where they should be.

03

Adaptive training delivery

High-risk employees receive human-led coaching and targeted intervention. Standard-risk employees receive relevant, current reinforcement. Low-risk employees are challenged with advanced scenarios — not left to quietly coast on past performance.

04

Phishing simulations as diagnostic tools

APEX simulations are not traps. They are diagnostic instruments with two purposes: measuring behaviour and reinforcing learning. Difficulty is calibrated to each employee's risk tier. Post-simulation moments are immediate, contextual, and constructive.

05

Culture & Readiness Assessment

Before a single simulation is designed, we invest in understanding the human environment we are entering — psychological safety, communication norms, existing security posture, leadership appetite. A program built on this foundation lands entirely differently to one deployed without it.

06

Advisory overlay & executive reporting

APEX includes a governance layer designed for boards and risk committees — policy alignment recommendations, regulatory-ready reporting, and a quarterly Security Culture Scorecard that translates behavioural data into business language your board can act on.

Our most important differentiator

The Supported Growth Pathway

When an employee repeatedly struggles with security awareness training, most automated platforms respond by sending more of the same. APEX takes the opposite approach.

The Supported Growth Pathway is a structured, human-led intervention model for employees who emerge as high-risk. It is non-punitive, confidential, and evidence-based — and it is the single most important thing that separates APEX from every automated alternative on the market.

01
Identification
Behavioural indicators flag the individual — silently, with no shame trigger
02
Root Cause Diagnostic
A private 15–20 min conversation to understand the actual barrier
03
Micro-Intervention
One of three tailored support tracks activated based on root cause
04
Graduated Re-engagement
Simulations restart at reduced complexity — building confidence, not shame
05
Transition & Recognition
Successful completions celebrated in the Security Culture Scorecard
Stage 02 in depth

The Root Cause Diagnostic

This 15–20 minute private conversation — conducted by a PeopleShield consultant or trained internal champion — explores whether the barrier is awareness, confidence, workload, digital anxiety, or something else entirely. It is a learning diagnostic, not a performance review. It also provides the organisation with documented evidence of due diligence that no automated platform can produce.

Stage 03 in depth

Three intervention tracks

Low awareness: Role-specific scenario walkthroughs, 1:1 or small group, drawn from live sector intelligence.

Low confidence or digital anxiety: Simplified confidence-building content, buddy system with a trained security champion.

High workload or cognitive pressure: Micro-bursts of 3–5 minute content, adjusted timing, optional manager awareness.

When the pathway isn't enough: the Peer Guide intervention

For a small cohort of persistent non-improvers, more modules and more simulations will not fix the problem. What the research consistently shows is that for this group, the most powerful force for change is not a program — it is a person.

APEX activates a Peer Guide pairing — a colleague who has demonstrated strong security behaviours, matched with the individual as an informal guide and role model. The pairing is voluntary, confidential, low-burden, and supported by PeopleShield. The Peer Guide's role is not to teach. It is to normalise.

Evidence-based — grounded in behavioural science
The risk-tier model

Not everyone needs the same training. APEX knows the difference.

Every employee is assessed and placed into one of three dynamic risk tiers at program outset — and moved automatically between tiers as their behaviour evolves. The program is always responding to the person, not the calendar.

High risk

Investment, not attrition

Repeated failures, low engagement, or credential exposure indicators. These employees are not a problem to be processed — they are an organisation's greatest untapped security opportunity.

  • Human-led root cause diagnostic
  • Personalised micro-intervention
  • Graduated re-engagement arc
  • Supported Growth Pathway activation
  • Peer Guide pairing if needed
Standard risk

Consistent, relevant, current

Moderate performance and consistent engagement. The goal here is sustained reinforcement without fatigue — keeping awareness active without overwhelming people who are already performing adequately.

  • Structured reinforcement campaigns
  • Sector-relevant simulations
  • Threat-pattern aligned refreshers
  • Positive reporting reinforcement
  • Automatic tier adjustment if performance changes
Low risk

Challenged, not forgotten

Strong performance and active reporting behaviour. Most programs leave high performers alone. APEX resists this — low-risk employees are also the natural pool for internal security champions.

  • Advanced, higher-complexity simulations
  • Multi-stage social engineering scenarios
  • Security champion pathway
  • Automatic tier adjustment if performance deteriorates
Risk classification is not a static score. It is a dynamic behavioural profile — updated continuously throughout the program. No employee quietly slides backward without the program responding.
Where the content comes from

Training built from real intelligence. Not last year's templates.

Every simulation, every scenario, every learning moment in APEX is informed by a live intelligence pipeline — not drawn from a static content library that every competing platform also uses.

This is what makes APEX simulations feel real to your employees — because the lures, tactics, and manipulation techniques they encounter are the ones actually being used against organisations in their sector right now. The intelligence pipeline is refreshed continuously, ensuring your program never goes stale.

Sector-specific threat intelligence Current threat patterns, attack campaigns, and adversary tactics relevant to your industry and operational context.
Government advisories & alerts Emerging campaign alerts and official guidance from national cybersecurity authorities, incorporated as they are published.
Global threat intelligence reports Research and reporting from leading cybersecurity firms translated into practical, human-relevant training scenarios.
Client-provided telemetry Your own SIEM outputs, firewall alerts, and incident trends — incorporated where available to create scenarios rooted in your actual environment.
Identity exposure datasets Publicly disclosed credential breaches and identity exposure data, used to identify and target the highest-risk individuals in your organisation.
What APEX delivers

Measurable outcomes. Not compliance metrics.

APEX is designed to produce outcomes that are tangible, reportable, and commercially meaningful — evidence your board, your risk committee, and your regulators can review with confidence.

Sustained behaviour change

Reduction in high-risk employee cohort size over time, with documented improvement trajectories for pathway participants.

Improved simulation performance

Measurable improvement in phishing detection rates, calibrated by sector, role, and risk tier.

Active reporting culture

Increased use of phishing reporting tools — a workforce that acts on threats rather than ignoring them.

Governance readiness

Board and risk committee reporting that demonstrates due diligence and regulatory alignment.

Reduced credential exposure risk

Identity monitoring integration and targeted intervention that directly addresses the credential compromise vector.

A measurable security culture

A quarterly trend metric that shows culture improving, stable, or deteriorating — something no automated platform produces.

The Security Culture Scorecard

A quarterly narrative report designed to be tabled at board and risk committee meetings. It translates behavioural data into the business language that executives and directors can actually act on — not a dashboard of click rates.

Included in every APEX engagement

A typical scorecard includes

  • Overall human risk posture rating and trend
  • High-risk cohort size and movement over the quarter
  • Simulation performance by business unit and role
  • Pathway activation and completion metrics
  • Threat intelligence summary for the quarter
  • Recommended focus areas for next quarter
  • Regulatory alignment notes where applicable
Why PeopleShield

A program that invests in every single person in your organisation.

APEX is not a program that fixes the weakest and ignores the rest. Every employee receives a program designed specifically for where they are — high-risk individuals receive structured human intervention, your broader workforce receives relevant and current reinforcement, and your strongest performers are developed into internal security champions who extend the culture of APEX long after the formal program ends. The technology platform scales this efficiently. The human layer concentrates where it creates the most value. Neither replaces the other.

Threat intelligence as curriculum input Your people are trained on real threats, not last year's templates. Content is refreshed continuously from a live intelligence pipeline.
Human-led support for high-risk individuals Your most vulnerable employees receive genuine intervention — not repeated automated failure and more of the same training.
Culture before content We read your organisation before we train it — so the program lands with genuine engagement rather than quiet resentment.
Governance-ready reporting Your board has the narrative it needs to demonstrate due diligence — not a dashboard of click rates that nobody can act on.
Premium technology platform APEX is powered by a premium simulation and training platform — giving you enterprise-grade technology without enterprise-grade complexity.
Australia-based, globally deployed Built in Australia with a deep understanding of the local regulatory and threat environment — delivered to organisations wherever they operate.
The pricing advantage

Most organisations assume a human-led program costs more than an automated platform.

In most cases, APEX costs less than the leading fully-automated programs — and delivers measurably more. The combination of a premium technology platform and a right-sized human layer means you are not paying for overhead you do not need. Ask us to walk you through a direct comparison.

Request a pricing comparison
No obligation — 30 minutes
Get started

APEX is not deployed from a template. It starts with a conversation.

Every engagement begins with an Introductory Discussion — a 30-minute, no-obligation conversation that covers your organisation's current security posture, your sector exposure, and what APEX looks like for you specifically.

Book an Introductory Discussion

What the discussion covers

  • Your current security awareness posture and any existing programs
  • The specific threat exposure and regulatory context relevant to your sector
  • How APEX would be structured for your organisation's size and maturity
  • A direct pricing comparison against the automated alternatives you may already be using
  • A proposed timeline and onboarding approach