Skip to content

Services, Wiki-Artikel, Blog-Beiträge und Glossar-Einträge durchsuchen

↑↓NavigierenEnterÖffnenESCSchließen

Security Awareness

Escape Desk -
Information Security Through Play

Your team does not memorise a rulebook. It experiences information security live - as a puzzle, as a team challenge, as an experience that sticks. No training room. No projector. No click-through course.

Book Escape Desk for your team Quote within 24 h (business days) · On-site or remote · GDPR-compliant
Engagement Rate
Play Duration
Persons per Team
Scenarios

The Problem

Compliance training does not protect. Experience does.

Most organisations invest in mandatory training that nobody would do voluntarily. The result: high completion rates in the system, hardly any changed behaviour in practice. The reason is not a lack of motivation among your staff - it is the format.

Forgotten after 48 hours

Passively consumed training content is more than 70% gone after two days - that is not a failure of your employees, it is human cognition.

No emotional anchor

What creates no emotion does not change behaviour. Theoretical knowledge about phishing helps little when the email in the inbox looks convincing.

Missing team dynamics

Security is a team task - yet traditional training addresses individuals. Collaboratively solving problems embeds knowledge more deeply and creates shared responsibility.

Low acceptance within the organisation

HR managers know it, IT managers know it: security training has an image problem. The Escape Desk solves that - participants look forward to it.

The Solution

Escape Room - without the room

The Escape Desk brings the escape room concept directly to the workplace. No locked room, no external venue, no logistical effort. Teams of 3 to 5 people solve real security scenarios at their desks within 60 minutes - using physical materials we deliver in advance.

The scenarios are based on real attack techniques: forged emails, social engineering situations, physical vulnerabilities. Anyone who has solved a puzzle together remembers it - long after the session.

No training feel

No slides, no learning objectives on a flipchart. Teams play, solve, discuss - and learn without perceiving it as training.

Real-world scenarios

All puzzles are based on real attack techniques and common mistakes from office life - no theoretical constructs.

Any company size

Whether 10 or 500 employees - through parallel sets the Escape Desk scales to any team size without loss of quality.

Process

How the Escape Desk works

From booking to debriefing - straightforward, well-prepared and lastingly effective.

01

Briefing & Scheduling

You give us a brief overview of the occasion - team size, setting and desired focus areas. We recommend the right scenario and schedule the session.

02

Materials Delivery & Setup

We ship all materials in advance - including setup plans and a short introduction. No complex technical setup, no separate moderation room required.

03

Session & Moderation

Teams solve real security scenarios at their desks in 60 minutes - with professional moderation by our awareness experts.

04

Debriefing & Transfer

Structured closing discussion: What did teams learn? How can insights be applied directly to everyday work? Includes a handout for all participants.

Learning Content

What your team takes away

Each scenario addresses a real risk from everyday work - scalable to your industry and internal policies.

Phishing & Email Security

Teams identify and analyse realistic phishing emails, spoofed sender addresses and manipulated links - using real-world examples from actual incidents.

Social Engineering

Manipulation through trust: how do attackers persuade employees to reveal sensitive information? Teams develop recognition criteria and defence strategies.

Password Security

Weak passwords, password reuse and insecure storage - teams solve puzzles that reflect typical mistakes from everyday work.

Clean Desk Policy

Which information may be visible on a desk? Scenario-based exercises on physical information security in the office.

USB & Physical Media

Found USB drives, unsecured printers, abandoned workstations - teams learn to recognise physical attack vectors and respond correctly.

Data Protection & GDPR

Which data needs protecting? When does a data breach occur? Practical scenarios that make data protection responsibilities tangible in daily work.

Why Gamification

Play is not a distraction - it is the method

Learning by doing is not a pedagogical trend. It is what the brain does best. When information is linked to an emotion or a decision-making situation, it is stored in long-term memory - and not erased after 48 hours.

5x

Higher retention rate

Actively experienced content is remembered up to five times longer than passively consumed training materials.

90%

Engagement rate

Nine out of ten participants rate the Escape Desk as significantly more motivating than conventional awareness training.

+68%

Detection rate

Teams that have completed the Escape Desk identify significantly more attacks in subsequent phishing simulations.

Formats

On-site or digital - your choice

Recommended

On-Site

The classic Escape Desk with physical materials directly at your premises. Strongest impact through tactile experience - teams interact with real documents, artefacts and puzzles.

  • Physical materials delivered in advance
  • Moderated by AWARE7 experts
  • No external venue required
  • Parallel teams possible (incl. competition)
  • Incl. structured debriefing & handout

Remote / Digital

Online

The digital version of the Escape Desk - browser-based, no installation. Ideal for distributed teams, remote employees or international locations. Same game mechanics, same content.

  • Browser-based - no installation
  • Compatible with Zoom, Teams, WebEx
  • For distributed and international teams
  • Pre-session technical check included
  • Moderated by AWARE7 experts

Who benefits

Who benefits from the Escape Desk?

HR & People Development

A format employees voluntarily recommend - and that turns compliance obligations into real impact. Ideal for annual awareness plans.

IT Security Managers

Finally a measure that produces changed behaviour rather than just completion rates. Combinable with phishing simulation as a before-and-after measurement.

Management & Leaders

Sets a visible signal: information security is not an IT topic, it is corporate culture. Also suitable as an entry point for management workshops.

All Employees

From reception to accounting - no technical prerequisites required. The format is designed so that every person can join immediately.

New Joiners

Ideal as part of onboarding: security rules not as a document but as an experienced team event - building the right foundation from day one.

Critical Infrastructure & Regulated Industries

For organisations under NIS2, GDPR or ISO 27001: a verifiable, documentable awareness format for your compliance evidence.

Successful Awareness Projects

Live Hacking & Awareness

Gelsenwasser AG

Konzernweite Cyber Security Awareness Kampagne

1.500+

Mitarbeiterinnen und Mitarbeiter

6

Monate Kampagnendauer

Live Hacking & Awareness

PAYBACK GmbH

Remote Live Hacking Awareness Show für 150+ Mitarbeiterinnen und Mitarbeiter

150+

Teilnehmerinnen und Teilnehmer

90

Minuten Veranstaltungsdauer

Live Hacking & Awareness

EWE Aktiengesellschaft

Individuelle Live Hacking Session für Führungskräfte des EWE Konzerns in Oldenburg

90

Minuten pro Session

10.000

Mitarbeitende im Konzern

Why AWARE7 for Security Awareness

Was uns von anderen Anbietern unterscheidet

Reine Awareness-Plattformen testen keine Systeme. Reine Beratungskonzerne sind zu weit weg. AWARE7 verbindet beides: Wir hacken Ihre Infrastruktur und schulen Ihre Mitarbeiter — mittelstandsgerecht, persönlich, ohne Enterprise-Overhead.

Forschung und Lehre als Fundament

Rund 20% unseres Umsatzes stammen aus Forschungsprojekten für BSI und BMBF. Unsere Studien analysieren Millionen von Websites und Zehntausende Phishing-E-Mails — publiziert auf ACM- und Springer-Konferenzen. Zwei unserer Führungskräfte sind gleichzeitig Professoren an deutschen Hochschulen.

Digitale Souveränität - keine Kompromisse

Alle Daten werden ausschließlich in Deutschland gespeichert und verarbeitet - ohne US-Cloud-Anbieter. Keine Freelancer, keine Subunternehmer in der Wertschöpfung. Alle Mitarbeiter sind sozialversicherungspflichtig angestellt und einheitlich rechtlich verpflichtet. Auf Anfrage VS-NfD-konform.

Festpreis in 24h - planbare Projektzeiträume

Innerhalb von 24 Stunden erhalten Sie ein verbindliches Festpreisangebot - kein Stundensatz-Risiko, keine Nachforderungen, keine Überraschungen. Durch eingespieltes Team und standardisierte Prozesse erhalten Sie einen klaren Zeitplan mit definiertem Starttermin und Endtermin.

Ihr fester Ansprechpartner - jederzeit erreichbar

Ein persönlicher Projektleiter begleitet Sie vom Erstgespräch bis zum Re-Test. Sie buchen Termine direkt bei Ihrem Ansprechpartner - keine Ticket-Systeme, kein Callcenter, kein Wechsel zwischen wechselnden Beratern. Kontinuität schafft Vertrauen.

Für wen sind wir der richtige Partner?

Mittelstand mit 50–2.000 MA

Unternehmen, die echte Security brauchen — ohne einen DAX-Konzern-Dienstleister zu bezahlen. Festpreis, klarer Scope, ein Ansprechpartner.

IT-Verantwortliche & CISOs

Die intern überzeugend argumentieren müssen — und dafür einen Bericht mit Vorstandssprache brauchen, nicht nur technische Findings.

Regulierte Branchen

KRITIS, Gesundheitswesen, Finanzdienstleister: NIS-2, ISO 27001, DORA — wir kennen die Anforderungen und liefern Nachweise, die Auditoren akzeptieren.

Mitwirkung an Industriestandards

LLM

OWASP · 2023

OWASP Top 10 for Large Language Models

Prof. Dr. Matteo Große-Kampmann als Contributor im Core-Team des international anerkannten OWASP LLM-Sicherheitsstandards.

BSI

BSI · Allianz für Cyber-Sicherheit

Management von Cyber-Risiken

Prof. Dr. Matteo Große-Kampmann als Mitwirkender des offiziellen BSI-Handbuchs für die Unternehmensleitung (dt. Version).

Next Steps

Embedding awareness for the long term

The Escape Desk is a powerful starting point. For lasting behavioural change we recommend these complementary measures:

Live Hacking Show

Experience threats live - for a larger audience. Ideal before or after the Escape Desk as a kick-off for your awareness programme.

Book Live Hacking Show →

Phishing Simulation

Measure the impact of the Escape Desk with realistic phishing campaigns - as a before-and-after comparison or continuous programme.

Learn about Phishing Simulation →

Security Training

For teams who want to go deeper: certified training courses on IT security fundamentals, security awareness and penetration testing.

View training calendar →

Benefits & ROI

What the Escape Desk delivers for your organisation

Security awareness is not a compliance obligation - it is an investment. The Escape Desk delivers measurable results that you can demonstrate internally and to auditors.

For Management

  • Demonstrable reduction in risk from phishing and social engineering
  • Reduced liability exposure from data breaches through documented awareness measures
  • Strong signal to employees: security is corporate culture, not an IT task
  • Positive external perception for customers, partners and investors

For IT & Compliance

  • Measurable reduction in phishing click rate in subsequent simulations
  • Documented evidence for ISO 27001, NIST CSF and NIS2 audits
  • Increased reporting rate of suspicious incidents by sensitised employees
  • Greater effectiveness of technical controls through informed users

For HR & People Development

  • High acceptance: employees actively recommend the format
  • Team-building side effect: cross-departmental collaboration is promoted
  • Ideal for onboarding: new employees learn security culture from the start
  • Positive ratings in internal employee feedback and employer branding

Compared to Traditional Training

  • No separate training room or external venue required
  • Less time: 60 minutes instead of a half-day training block
  • Up to five times higher retention rate compared to passive e-learning
  • Scalable: same quality for 10 or 500 participants

Compliance & Evidence

Every session is audit-ready documentation

The Escape Desk does not just deliver impact - it delivers the evidence too. After each session you receive all documents you need for your next audit.

All documents are provided in digital form. On request we also provide a summary in English - for internationally oriented organisations or group audits.

Certificates of Participation

Individual certificates for each participant with date, topic and scope of the measure - ready for personnel files and audit documentation.

Process Documentation

Detailed execution report with scenario description, learning content and debriefing summary - suitable as an appendix for ISO 27001 and NIS2 audits.

Participant Handout

Structured take-away with the key insights, recommended actions and further resources - for all participants to take home.

Organisations that trust AWARE7

Your Moderators

Our awareness experts moderate the Escape Desk and ensure maximum learning impact.

Chris Wojzechowski
Chris Wojzechowski

Geschäftsführender Gesellschafter

E-Mail
PGP 465C26E1AF161AFA

Geschäftsführender Gesellschafter der AWARE7 GmbH mit langjähriger Expertise in Informationssicherheit, Penetrationstesting und IT-Risikomanagement. Absolvent des Masterstudiengangs Internet-Sicherheit an der Westfälischen Hochschule (if(is), Prof. Norbert Pohlmann). Bestseller-Autor im Wiley-VCH Verlag und Lehrbeauftragter der ASW-Akademie. Einschätzungen zu Cybersecurity und digitaler Souveränität erschienen u.a. in Welt am Sonntag, WDR, Deutschlandfunk und Handelsblatt.

IT-Grundschutz-Praktiker (TÜV) IT Risk Manager (DGI) § 8a BSIG Prüfverfahrenskompetenz Ausbilderprüfung (IHK)
Vollständiges Profil ansehen
Jan Hörnemann
Jan Hörnemann

Chief Operating Officer · Prokurist

E-Mail
PGP A3FD64BB96C888E2

M.Sc. Internet-Sicherheit (if(is), Westfälische Hochschule). COO und Prokurist mit Expertise in Informationssicherheitsberatung und Security Awareness. Nachwuchsprofessor für Cyber Security an der FOM Hochschule, CISO-Referent bei der isits AG und Promovend am Graduierteninstitut NRW.

ISO 27001 Lead Auditor (PECB/TÜV) T.I.S.P. (TeleTrusT) ITIL 4 (PeopleCert) BSI IT-Grundschutz-Praktiker (DGI) Ext. ISB (TÜV) BSI CyberRisikoCheck CEH (EC-Council)
Vollständiges Profil ansehen

Frequently Asked Questions

Your questions about the Escape Desk

The Escape Desk is a desk-based, gamified awareness format. Teams of 3 to 5 people solve real security scenarios directly at their desks within 60 minutes - no escape room, no complex technology. The format combines the excitement of an escape room with practical information security content.
Classic e-learning and classroom training conveys knowledge passively - the Escape Desk actively engages teams. Collaboratively solving puzzles creates emotional anchor points that demonstrably improve retention. Studies show that actively experienced content stays in memory up to five times longer than passively consumed information.
Each Escape Desk set accommodates 3 to 5 people. For larger groups we provide multiple sets that are played in parallel. Teams can compete against each other - an internal competition further boosts motivation. We have run events with over 100 simultaneous participants.
Yes. The digital version of the Escape Desk runs via a browser-based tool - no installation, no technical barriers. Participants receive an access link and play together via video conference. Moderation is provided by our experts, just as in the on-site format.
We offer over 12 scenarios on topics such as phishing, social engineering, password security, clean desk policy, USB security and data protection. On request we develop industry-specific or company-specific scenarios - for example incorporating your own internal policies or real attack patterns from your sector.
No. For the on-site version a normal desk and the materials we deliver in advance are sufficient. For the remote version participants only need a computer with an internet connection and a video conferencing tool. We conduct a brief technical check in advance.
Yes. On request we develop company-specific scenarios that reflect your own security policies, your industry context or current attack patterns from your risk landscape. We recommend this customised version in particular for critical infrastructure operators, banks, healthcare organisations and public authorities. Developing a bespoke scenario typically takes two to three weeks.
Yes. The Escape Desk is a verifiable, documentable awareness format that is recognised as part of an ISMS-compliant training programme. After each session we provide you with a certificate of participation and process documentation that you can use for your next audit. This satisfies the requirements of ISO/IEC 27001:2022, NIST CSF and NIS2 for documented employee security awareness.
For standard scenarios we can typically offer a date within two weeks. For customised scenarios we recommend a lead time of four to six weeks. You will receive a quote and date confirmation within 24 hours of your enquiry. For large events with more than 50 simultaneous participants please allow three to four weeks.

Aus dem Blog

Weiterführende Artikel

Make security awareness an experience that lasts.

Tell us briefly about your team and the occasion - we recommend the right scenario and create an individual quote within 24 hours. Free and non-binding.

Book Escape Desk for your team

Kostenlos · 30 Minuten · Unverbindlich

Cookielose Analyse via Matomo (selbst gehostet, kein Tracking-Cookie). Datenschutzerklärung