Strengthen your team's security reflexes:

The Imposter Challenge Exercise

A real-world simulation led by our professional social engineers to help employees practice identifying and challenging security threats.

  • Engage with scenarios that mirror real cyber security threats
  • Benefit from the expertise of a professional social engineering team.
  • Gain valuable insights into your organisation's security posture.

Challenging risks isn't easy.

Constructively challenging our peers when things around us don’t seem right is the culmination of all critical security behaviours and is fundamental to keeping ourselves, the organisation and each other safe. ​

However, these behaviours don’t come naturally to everybody. When challenging we can’t be sure that people will respond positively and we’re not always sure we’re “allowed” to challenge the risky behaviours of others…and when we do get the chance to practice, it tends to be in a live situation that comes with even greater pressures. ​

Challenging others comes with social pressures. For some, this is enough to stop them from doing it – practice is the best way to overcome this potential barrier. 

Give staff the practice they need.

Our Imposter Challenge Exercise gives your employees the practice they need to challenge threats, making them feel empowered to protect your organisation. Fear not, however, this is NOT a social engineering penetration test and the Imposter poses no real threat to your organisation. They are there to improve challenge behaviours, not catch people out. ​​

In this exercise, we operate in accordance with leading psychological theory to ensure your people are equipped and inspired to challenge the things that pose a threat to your organisation, while doing so in a psychologically safe way.​

Uniquely, the story is delivered from the perspective of the attacker, rather than the defender. This means that those involved see how certain behaviours, which tend to be seen as small or lower priority, are leveraged by attackers. This helps to fill in the grey area between organisational security expectations and the real world of cyber-crime.

How it works:

Imposter enters your site

Engages employees

Coaches to a challenge

Rewards, debriefs, reinforces

Repeats until complete

Recyber’s trained professional social engineers pay a special visit to your site. Dressed literally as identifiable risks to your organisation, the Imposter engages with members of staff, asking them to do things that, if conducted, could create a security incident:

  • Can I use your laptop please?
  • Can I borrow you phone for a second?
  • Do you mind if I charge my phone off your laptop please?


As well as passive actions such as shoulder surfing, or checking lockers. Whilst these requests are designed to simulate risk, they are tightly controlled to avoid any real complications.

The Imposter leads every interaction made to the point of being challenged. This ensures that your employees will always end up doing the right thing, no matter now much coaching it takes – they will always challenge the Imposter on their request, presence or behaviour. 

In doing so they develop a mental script for challenging, grow the confidence to do so in reality, and gain an understanding of how their behaviour drives security. Even those who simply witness the engagement benefit through the social effect of the exercise – seeing their peers do the right thing and raise a challenge, lets them know that is also ok to do so. 

The exercise then repeats, giving all members of staff the chance to engage with the Imposter in one form or another. 

Central Themes

Our service is built around key themes that prioritize psychological safety, engaging learning experiences, and actionable insights.

  • Positivity towards security challenges
  • Psychologically safety
  • Improving security behaviours
  • Fun, novel engagement

Platform Integrated

Our workshops and exercises don’t stand alone – they’re tightly integrated with our behavioral change software, Republic. Delivered as complementary components of our managed security awareness service, our products tackle low motivation and overcome resistance to secure practices. Imposter challenge participants are awarded in-game currency for challenges and can win virtual rewards based on their level of engagement.

Schedule an Imposter Challenge Exercise

Please let us know what's on your mind. Have a question for us? Ask away.