Cybersecurity Awareness Month Training for Municipal Employees

Spruce was contracted by the administration of a major American West Coast city to put together a dynamic, multifaceted effort to promote cybersecurity awareness and best practices among city employees in conjunction with National Cybersecurity Awareness Month.

This major American city’s government sought to improve the cybersecurity of City agencies and the employees that worked within them. In conjunction with National Cybersecurity Awareness Month, the City contracted Spruce to create content for and provide services relating to bolstering cybersecurity in their ranks. Spruce then designed and implemented an educational program along with supporting content and a risk evaluation exercise to present to the city’s employees over the span of a month. At the end, Spruce presented the city with a report detailing observations and potential paths of action.

To better educate City employees on the best practices for maintaining a secure tech environment, Spruce prepared a four-week seminar; each week focused on a different element of cybersecurity. The first week focused on a general overview of corporate IT protection, the second week focused on phishing attacks, the third focused on safely navigating IT structures, and the fourth week discussed prioritizing cybersecurity and instilling safe browsing habits. These topics were presented to the city employees along with supplementary materials created by Spruce over the course of the engagement period.

After the conclusion of the engagement period, Spruce reviewed the results of the simulated phishing campaign and reviewed progress made by employees over the course of the four-week educational program. Spruce’s report featured specifics on the phishing campaign including the number of employees reached, number of clicks generated, and number of employees corrected and retrained. The report also gave statistics showing the overall rate of success for these simulated attacks and displayed the city employees’ performance compared to national and industry benchmarks. The report provided a comprehensive overview of the state of the city’s security flaws and issued recommendations for improving security in both an on-the-ground and a macro view.


The city commissioned Spruce to architect a comprehensive employee-focused cybersecurity education and evaluation program to better secure city infrastructure and prevent cybercrime. For this initiative, Spruce was asked to produce four separate deliverables: a one-month cybersecurity training and education course for city employees, weekly written intranet content to supplement the training course themes, a simulated Phishing campaign on every active city employee, and a summarized report of findings at the conclusion of the month. Spruce provided all listed deliverables in a timely manner and fulfilled all client requests on this project.


Over the course of six weeks, Spruce planned and executed a full-scale effort to assist the city in bolstering its cybersecurity protocols and practices. Spruce developed a four-week course in coordination with city’s Information Technology Department, with each week focusing on a different aspect of cybersecurity. To supplement this effort, Spruce prepared and made publicly available relevant and City specific information to support the theme. To help combat weaknesses in the system Spruce created and managed a simulated phishing effort to monitor employee responses. At the conclusion of these efforts, Spruce produced a written report detailing the findings and issuing recommendations.

Let’s work together