In an effort to overhaul traditional security awareness training (SAT), cybersecurity firm Huntress has introduced Threat Simulator, a new feature of its Managed Security Awareness Training (SAT) platform, designed to immerse users in the tactics, techniques, and mindset of cyber attackers.
Old-school SAT methods are falling short, according to Huntress, which cites passive, oversimplified video content and one-size-fits-all programs as key contributors to ineffective training. The new Threat Simulator flips the script by offering short, game-like simulations that allow users to carry out mock attacks, thereby better understanding how cybercriminals operate and how to defend against them.
“Traditional security awareness training often fails to prepare users,” said Dima Kumets, Principal Product Manager at Huntress. “With Threat Simulator, we’re changing that. We’ve designed it in collaboration with our security researchers to push beyond basic phishing simulations and immerse users in real-world, hands-on scenarios that emulate hacker tradecraft. By teaching users to adopt the perspective of an attacker, we empower them to recognise and report hacker tradecraft while protecting themselves from becoming victims. This not only sharpens individual cybersecurity awareness but also helps organisations build a more proactive and resilient security culture.”
The launch comes at a time when the human element remains a leading factor in data breaches. In 2024, human error was a contributing factor in 60% of all breaches, with phishing attacks, business email compromise (BEC) scams, and accidental malware installations remaining prevalent. Huntress argues that most SAT programs have not evolved to match modern threats, often lacking the technical depth and actionable insights necessary to address these threats effectively.
Threat Simulator seeks to address these shortcomings by supporting experiential learning styles. It covers a wide range of hacker methods, from spear phishing to open-source intelligence (OSINT) gathering. It encourages users to think critically, problem-solve, and anticipate attacker moves in real-world scenarios developed by Huntress’ internal security experts.
“Threat Simulator is a gamechanger. The OSINT training gave my staff and our employees a clear understanding of how hackers can gather seemingly innocent information off the web to create a profile for Social Engineering Attacks,” said Eric Nush, Director of Technology, CETL, Homer School District 33Ct. “It made us think twice about the types of information we make publicly available on our website. This not only increased our awareness of the possible risks we have but also inspired us to take several actions – like starting discussions about new procedures for limiting public website content or encouraging data-sensitive positions (HR, Payroll, Business, etc.) to double-check their social media for information that can be leveraged by hackers.”
Since its early access release in April, Threat Simulator has been widely adopted, with early usage data indicating strong engagement. Users typically spend between 7.5 and 12 minutes running through simulations, even though each simulation lasts only five minutes. A survey of 2,000 early adopters found that 90% gained new knowledge about cyber threats.
Zvonimir Petric, Director of Managed Services at Campfire Technology Inc., shared his perspective: “Threat Simulator is engaging, focused, and actually fun. I suspect the users who engage in this will outperform their peers.”
Huntress is encouraging organisations to try Threat Simulator and learn how hands-on tradecraft simulations can bolster internal security posture. A dedicated webinar titled “Breaking Down Barriers in SAT: Introducing the Brand-New Threat Simulator!” will be held on June 24, 2025, to showcase how the tool can transform security awareness strategies.
