Warning
Work in Progress: This page is currently under construction. Content may be incomplete or subject to change. To contribute, see the contribution guide.
Security Awareness
Security awareness programme for all Patria Investments employees and contractors.
Objectives
- Ensure all staff can identify and report common threats (phishing, social engineering, credential theft)
- Build a security-conscious culture across the Technology team
- Meet LGPD and ISO 27001 training requirements
Training programme
| Training | Audience | Frequency | Platform |
|---|---|---|---|
| Security awareness basics | All employees | Annual + at onboarding | HR LMS |
| Phishing simulation | All employees | Quarterly | Automated campaign |
| LGPD & Data Privacy | All tech staff | Annual | HR LMS |
| Secure development (OWASP Top 10) | Developers | Annual | Internal workshop |
| Incident response drill | Tech team | Semi-annual | Tabletop exercise |
Phishing simulations
The Security team runs quarterly simulated phishing campaigns. The goals are to:
- Measure click rates and identify users who need additional training
- Provide immediate learning to users who interact with a simulated phishing email
- Track improvement over time
Results are reported to team leads in aggregate (not individually).
Reporting suspicious activity
If you receive a suspicious email or message, or observe unusual system behaviour:
- Do not click links or open attachments
- Report via ServiceNow — category Security Incident — or forward the email to the Security team
- For urgent situations, contact Security on-call directly — see Contacts
Tip
When in doubt, report it: No report is too small. The Security team would rather investigate a false positive than miss a real threat.