Request dates

First Step · 3-month program

Your company’s biggest security risk gets emails every day.

Most incidents don’t start with technology — they start with a click. First Step turns your team into the first line of defense: practical training, real-world practice and measured results, in 90 days.

Day 1Day 45Day 90
Kick-offHigh-impact, in-person session
Real practiceSimulations and reinforcement day to day
ProofMeasurement and a leadership report

The problem

Technology doesn’t click links. People do.

You can have the best antivirus, firewall and MFA everywhere — one employee convinced by a well-written email opens the door. And with AI, those fake emails, calls and videos keep getting better.

Phishing & email fraud

Fake payment requests, altered invoices, compromised mailboxes — aimed at your people, using your company’s name.

Deepfakes & cloned voices

AI-generated calls and videos impersonating executives and suppliers. No longer fiction — the fastest-growing scheme.

Data leaking via ChatGPT

Employees pasting client and company information into AI tools, with no rules and no sense of the risk.

The program

90 days to change behaviour — not a lecture forgotten by Friday.

One-off training builds awareness for a week. First Step is a program: it starts strong, trains in practice and ends with proof of progress.

Month 1

Kick-off — the session nobody sleeps through

A practical, in-person session with your team. Real cases, live phishing and deepfake demonstrations, and simple rules anyone can apply the next day.

  • Tailored to your sector and your tools
  • Support materials for every participant
  • Clear rules for safe AI use at work
Month 2

Real practice — tested in the daily flow

Theory only counts when the suspicious email actually arrives. We test the team in real context, without blaming anyone — those who fall, learn; those who report, get recognised.

  • Realistic, progressive phishing simulations
  • Short, practical reinforcements over the weeks
  • A simple channel to report suspicions
Month 3

Proof — results you can show

At the end you know exactly where you stand: what improved, who needs reinforcement and what to do next. In numbers, not impressions.

  • Executive report for leadership
  • Training evidence for customers, audits and insurers
  • Practical recommendations for next steps

What stays with your company

On day 90, this is yours.

Investment

Clear pricing. No small print.

First Step Program · 3 months

The final value depends on team size and session format. You receive a fixed proposal before deciding — and the price you accept is the price you pay.

  • No hidden costs
  • No auto-renewals
  • No commitment beyond the 90 days
  • Fixed scope, in writing
From
€950
+ VAT · full 3-month program
Request a proposal

Who delivers

Training by people who do security — not people who read slides.

XKONSULTING is a boutique cybersecurity firm with 27 years of experience across enterprise, government and military environments, operating in Portugal and the US. The person in front of the room is the one who responds to real incidents — and it shows.

Frequently asked questions

Before you ask — answered.

Our team is small. Is it still worth it?

Yes — the program was designed for SMBs. The “from €950” price is precisely for smaller teams; the proposal is adjusted to your real size.

How much of my employees’ time does it take?

The kick-off takes part of a day. After that, practice happens in the normal flow of work — simulations and short reinforcements, without stopping the operation.

Won’t the simulations create bad feelings?

No, because nobody gets exposed. Individual results are used to help, not punish — and reporting is recognised. A reporting culture only works without fear.

Does this count as evidence for audits or customers?

Yes. You receive documentation of the training delivered and measured progress — usable in audits, customer security questionnaires and insurance processes.

What happens after the 90 days?

You decide with data. The final report includes recommendations; if it makes sense to continue — annual program, role-based reinforcement or other areas — we present options. No auto-renewal, no pressure.

Request dates

Tell us about the team. We’ll handle the rest.

We’ll reply with available dates and a fixed proposal — you decide with everything on the table.

Thank you — your message has been sent. We’ll get back to you shortly.

The next phishing email has already been sent. The question is who opens it.

Talk to us for 15 minutes. We’ll explain the program, listen to your context and send a fixed proposal.

Request dates for my team