Interactive Training Page Types in empowsec: Part 2

Reading about how to spot a phishing email is not the same as actually spotting one. Knowing that you should verify a sender's domain is not the same as clicking on every element of a suspicious message and identifying what is wrong with it. The gap between knowing and doing is where security awareness programs most often fall short - and it is the gap that empowsec's hands-on interactive page types are specifically designed to close. Part 1 of this series covered seven page types that range from passive info delivery to scenario-based decision-making. Part 2 covers the five remaining types, all of which put the learner in a position to practice the skill directly, not just read about it.
These page types share a common design philosophy: they simulate the experience of encountering a real security situation and require the learner to respond correctly. They are more demanding to complete than quiz questions, and they produce stronger retention because the learner's brain is doing more work. Like all empowsec page types, they support narration in English and German and carry per-language translations, so multilingual teams can benefit equally.
Click-to-Match: Building Associations Under Pressure
The click-to-match page type asks the learner to click a term or item on one side, then click its correct match on the other. Unlike drag-to-match, which uses a drag-and-drop gesture, click-to-match uses sequential taps or clicks - a subtle difference that makes it better suited to touch-screen and mobile contexts, and that changes the cognitive experience slightly. The learner selects a source item, then scans the target options to find the right one. This 'select then confirm' pattern more closely mirrors the decision-making process an employee might use when evaluating an email: 'I see this element - what does it mean?'
Click-to-match works particularly well for building taxonomies: attack type to description, red flag to category, security term to definition. Because the learner can only have one item selected at a time and must confirm each match before moving to the next, the exercise builds the associations one by one rather than presenting all the options simultaneously. This sequential structure can actually improve retention compared to a format where all items are visible and available at once, because it removes the option to use elimination strategies and requires genuine recall of each relationship.
Ordering: Sequence and Process Comprehension
The ordering page type presents a set of steps that the learner must arrange into the correct sequence. This is a format specifically suited to process learning - any topic where order matters. In security awareness training, ordering exercises can cover the correct steps for responding to a suspected phishing email: report first, do not click, do not forward, notify your manager. Or the stages of a social engineering attack: reconnaissance, pretexting, approach, extraction. Or the correct incident response procedure for a credential compromise.
The learning value of ordering exercises is high precisely because processes are easy to get partially right but harder to get exactly right. A learner might know all the steps in an incident response procedure but not know which step comes first. The ordering exercise targets this gap directly. It also reinforces that sequence is meaningful: the reason you report before you click is not arbitrary - there is a reason grounded in how reporting works and how clicking creates additional risk. When learners have to physically arrange the steps in the correct order, that reasoning becomes more concrete.
Ordering exercises also transfer naturally to compliance contexts. Procedures required by frameworks such as ISO 27001 or NIS2 often have specific mandated sequences. Training employees to execute these sequences correctly, not just to know they exist, is where ordering page types deliver practical value beyond awareness.
Fill in the Blanks: Active Recall of Key Terms
The fill in the blanks page type presents a passage with gaps that the learner must complete, either by choosing from a word bank or by typing free text. This is a classic active recall format. The learner cannot guess passively from context clues alone - they have to actively retrieve the correct term from memory. Research consistently shows that active retrieval produces stronger long-term retention than re-reading, even when the retrieval attempt fails, because the attempt itself strengthens the retrieval pathway.
The word-bank variant adds a useful constraint: the learner knows the correct term is among the provided options, which reduces the cognitive load to recognition and selection rather than pure free recall. This makes it more accessible for complex technical terminology where spelling accuracy should not be a barrier to demonstrating conceptual knowledge. The free-text variant is more demanding and appropriate for terms the learner is expected to know precisely - for example, the name of the company's incident reporting tool, or the exact format of a phishing report submission.
Fill-in-the-blanks works well at the end of a section to confirm that the learner retained the specific terminology introduced in the preceding content. It pairs naturally with info pages: the info page introduces the terms; the fill-in exercise confirms they were absorbed. This combination is a building block that authors can use repeatedly across a module to create a rhythm of introduction and confirmation.
Email Red-Flag Finder: Simulating the Real Experience
The email red-flag finder - called email_sim in empowsec - is one of the most powerful page types in the platform. It presents the learner with a realistic simulated email and asks them to click the suspicious elements they can identify. The clickable areas correspond to seven parts of an email: sender name, sender address, subject, date, body text, links, and attachment. This maps directly to the actual structure of a real phishing investigation - the same elements an employee should examine when deciding whether an email is legitimate.
This format closes the gap between knowledge and practice more directly than any quiz question. A quiz can ask 'What is a lookalike domain?' and test whether the learner knows the definition. The email_sim asks them to find the lookalike domain in an actual email header - to do the thing they would have to do in reality. This distinction is significant: it is the difference between knowing that a map legend uses blue for water and being able to read a map. The email_sim builds the reading skill, not just the legend knowledge.
Chat Simulation: Practicing Real-Time Decisions
The chat simulation page type presents a realistic messaging conversation with decision points that the learner must answer well to complete. This format addresses a growing threat vector: social engineering that arrives not through email but through collaboration tools, messaging platforms, and SMS. An employee who is well-trained on email red flags may still be caught off guard by a chat message from someone impersonating a manager, a colleague, or an IT system.
In the chat simulation, the learner sees a conversation unfold - a message arrives, they choose how to respond, and the conversation continues based on their choice. Decision points require the learner to select the right response from a set of options. The simulation must be navigated correctly to complete - the learner cannot just click through arbitrary responses and mark the page done. If they respond incorrectly, the conversation may reveal the consequences of that choice, adding realistic feedback to the learning experience.
Chat simulations are effective for training employees to recognize impersonation attempts in real-time conversations, where the social pressure of appearing responsive or cooperative can override the learner's knowledge of security principles. The interactive format recreates that social pressure in a safe training environment, giving the learner practice at applying their knowledge even when the conversation is flowing and there is an implicit expectation to respond quickly. This is a level of practice that no quiz question can provide.
What This Means for Your Team
- Click-to-match builds associations one at a time, making it well suited to touch-screen delivery and to forming taxonomies of security concepts.
- Ordering exercises teach that process sequence matters - critical for incident response procedures and compliance-mandated workflows.
- Fill in the blanks forces active retrieval of specific terms, producing stronger retention than re-reading or recognition alone.
- Email red-flag finder (email_sim) is the closest practice analog to what employees actually do when they evaluate a suspicious email - it trains the skill, not just the knowledge.
- Chat simulation prepares employees for social engineering in messaging contexts, where real-time social pressure can override security awareness that works well in calmer settings.
- All five types, like those in Part 1, support narration and per-language translation - the same lesson serves English and German learners without rebuilding the content structure.


