Back to blog
It SecurityAwareness

What we learned launching SnappinQuiz

Building an LMS for security awareness taught us things about adult learning, enterprise sales, and product design that we did not expect.

May 18, 2026·5 min read

What we learned launching SnappinQuiz

Building a security awareness training platform is an unusual product challenge. Your users do not want your product — they have been told to take it. Your buyers (security and HR teams) care deeply about it. Your end users (employees) often do not.

Lesson 1: Engagement is not optional

Our early prototype used a format familiar from other LMS products: text, then quiz, then certificate. Completion rates were fine. Retention was not. We ran phishing simulations two weeks after modules and saw near-zero retention improvement. The format was the problem.

We rebuilt around scenario-first learning. Every lesson now opens with a situation — not a definition. Questions are embedded throughout, not bolted on at the end. This created friction in development but produced measurable retention improvements in beta testing.

Lesson 2: Enterprise buyers want flexibility, employees want brevity

Security teams wanted customizable content, configurable pass thresholds, role-based assignments, and audit trails. Employees wanted the whole thing to take under 10 minutes. Both requirements are valid and non-negotiable. The architecture had to serve both simultaneously.

Lesson 3: Gamification works when it is subtle

Leaderboards create competition that some employees love and some deeply resent. Streak counters and XP accumulation are less polarising — they create forward momentum without peer comparison. We landed on a points-and-levels system that celebrates individual progress without ranking colleagues against each other.

What is next

We are building toward adaptive learning paths — shorter for employees who demonstrate knowledge, more intensive for those who need it. The phishing simulation integration is close. And we keep returning to the same core question: does this module make an employee meaningfully harder to attack? If not, it does not ship.

More security writing →

Browse the rest of the catalog.