Security training your team will actually complete.

Drill delivers role-based security awareness training inside Slack. 5 minutes per employee. Compliance-ready audit trail. No new portals.

Free for teams up to 5 · No credit card · 2-min setup · Any Slack plan

Example drill in Slack (#general, 12 members). A member runs /start-drill and the Drill app replies:

Question 3 of 10 · Engineer Track

An engineer finds AWS credentials committed to a public GitHub repo by a colleague. What is the correct immediate response?

A. Rotate the credentials immediately and treat the old ones as compromised
B. Delete the commit and force-push to rewrite history
C. Open a ticket for the security team to review later
D. Ask the colleague to fix it themselves
✓ Correct: A · 3/3 · +10 pts
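The scenario above is the secrets-management drill in miniature. B is the tempting wrong answer: rewriting git history revokes nothing, forks and clones keep the old commit, and public repositories are scraped for key patterns within minutes of a push, so a leaked key is compromised the moment it lands and must be rotated. The check that stops the key from being pushed at all is a pre-commit scanner. The following is an added example written for this page, not Drill's code: it scans only the added lines of a unified diff for AWS access key IDs and secret access keys, tracks new-file line numbers so the finding can be reported precisely, and redacts what it reports. The diff and the key values are constructed (they are the placeholder key pair from AWS's own documentation), not real credentials.

```python
"""Pre-commit style scanner for AWS credentials in staged diffs.

Added example, not Drill's code. The diff and key values below are
constructed (AWS's documented placeholder key pair) and are not real.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Access key IDs: 4-char prefix + 16 uppercase alphanumerics.
# AKIA = long-term IAM user key, ASIA = temporary STS credential.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")

# Secret keys are 40 chars of a base64-like alphabet. Anchoring on a nearby
# assignment keyword keeps false positives (hashes, tokens) down.
SECRET_KEY_RE = re.compile(
    r"""(?i)aws(?:_|-)?secret(?:_|-)?(?:access(?:_|-)?)?key\s*[=:]\s*['"]?"""
    r"""([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"""
)


@dataclass
class Finding:
    kind: str
    line_no: int   # line number in the *new* version of the file
    snippet: str   # redacted; enough to name the key in a rotation ticket


def redact(value: str) -> str:
    """Keep the first and last four characters, never the whole secret."""
    return value[:4] + "..." + value[-4:]


def scan_added_lines(diff: str) -> list[Finding]:
    """Report credentials on lines a unified diff adds ('+' lines only).

    Removed lines are ignored: a key that is being deleted was already
    exposed and belongs to the rotation process, not to this gate.
    """
    findings: list[Finding] = []
    line_no = 0
    for raw in diff.splitlines():
        if raw.startswith("@@"):
            # '@@ -a,b +c,d @@': new-file numbering starts at c
            m = re.search(r"\+(\d+)", raw)
            line_no = int(m.group(1)) - 1 if m else 0
            continue
        if raw.startswith("+++") or raw.startswith("---"):
            continue            # file headers, not content
        if raw.startswith("-"):
            continue            # removed line: does not exist in the new file
        line_no += 1            # context and added lines both advance
        if not raw.startswith("+"):
            continue
        line = raw[1:]
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append(Finding("aws_access_key_id", line_no, redact(m.group(1))))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append(Finding("aws_secret_access_key", line_no, redact(m.group(1))))
    return findings


# Constructed diff: a settings file that hard-codes the documentation placeholder keys.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,4 +10,6 @@ DEBUG = False
 DATABASE_URL = os.environ["DATABASE_URL"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 S3_BUCKET = "reports"
"""

if __name__ == "__main__":
    for f in scan_added_lines(SAMPLE_DIFF):
        print(f"{f.kind} at line {f.line_no}: {f.snippet}")
```

Wire it as a pre-commit hook over `git diff --cached`, and treat any finding as a hard failure. If the key has already been pushed, the scanner's job is over: rotate first, then look at CloudTrail for use of the old key, then clean the history.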
90%+ completion rate
5 min per employee per drill
2 min to install
0 new portals or logins

Traditional security training doesn't work.

~35% industry completion rate

Nobody finishes it.

Employees resent clicking through hour-long SCORM modules in a separate portal. The training gets skipped. The box gets checked. The risk stays.

3–6 wks to prepare audit evidence

Audit prep is chaos.

Compliance season means spreadsheets, chased emails, and incomplete evidence. Your auditor is waiting. Your team is buried.

58% of breaches involve humans

Content is already stale.

The same phishing simulation from 2019 won't prepare your team for deepfake voice calls and AI-generated spear phishing.

Three steps to a security-aware team.

No IT setup. No procurement process. No training for admins. Just Slack.

01

Install in 2 minutes.

One OAuth click. No configuration. No IT involvement. Works with any Slack plan — Free, Pro, Business+, Enterprise Grid.

Add to Slack → OAuth → Done

02

Team trains in Slack.

Each member runs /start-drill. 10 questions in 5 minutes. Role detected automatically. Instant feedback after each answer.

/start-drill → 10 questions → score

03

One command. Report ready.

Run /drill-report and get a compliance-grade PDF with HMAC-SHA256 signed audit logs — ready for your auditor.

/drill-report → PDF → auditor

Everything you need. Nothing you don't.

track.detected: engineer
scenario: supply-chain-attack
content.refreshed: annually

Role-Based Learning

Right content for every team member.

Engineer track: secrets management, supply chain attacks, AI coding tool risks, API security. Non-tech track: phishing, social engineering, deepfakes, password hygiene.

source: real_incidents_2025
reviewed.by: human_expert
freshness: never_repeated

Real Incident Grounding

Grounded in what actually happened.

Every scenario is drawn from real, recent security breaches — anonymized but accurate. Your team learns from incidents that happened in 2025, not hypotheticals from 2019.

log.signed: HMAC-SHA256
soc2.mapping: CC9.9,CC1.4
cmd: /drill-report

Compliance-Grade Reporting

One command. Audit-ready.

PDF reports with timestamped completions, team score breakdowns, and HMAC-SHA256 signed audit logs. SOC 2 auditors accept them without follow-up questions.

scopes: commands,chat:write,users:read
messages.read: never
encryption: AES-256-CBC

Privacy-First Architecture

Minimal permissions. Zero message access.

Three Slack scopes only. We never read messages, channels, or private conversations. AES-256 encryption at rest. Socket Mode — no public webhook endpoints.

View security disclosure

See what your team will learn.

Engineer Track · AI Risk · Based on real incidents · 2025

An engineer is using an AI coding assistant. The assistant generates a database migration script and suggests running it on production immediately. What should the engineer do?

A. Run the migration immediately; AI tools are reliable
B. Review the script, test it in staging, and have a migration rollback plan before touching production
C. Ask the AI to double-check its own work, then run it
D. Skip the migration and implement it manually
Why B is correct: AI coding assistants can generate syntactically correct but semantically dangerous migrations: missing rollback steps, dropping columns that hold live data, or ignoring foreign key constraints. Always test in a staging environment with production-like data, keep a rollback plan, and never run an untested migration on production. NIST SP 800-218 (the Secure Software Development Framework) calls for code to be reviewed or analyzed before it ships (practice PW.7); code an assistant wrote is no exception.
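An added example of the gate this answer describes, written for this page rather than taken from Drill: a CI check that lints the forward ("up") migration for destructive statements, refuses to pass without a down migration and a staging run, and requires a named human approver for anything destructive, so the assistant cannot sign off on its own output. The SQL is constructed to resemble an assistant-generated script; the table and column names are made up.

```python
"""Pre-production gate for SQL migrations.

Added example, not Drill's code. The migration text is constructed to
resemble an assistant-generated script; names are made up.
"""
from __future__ import annotations

import re

# Statements that lose data, take long locks, or break code still deployed
# against the old schema. Each needs a named human approver.
DESTRUCTIVE = [
    (re.compile(r"\bDROP\s+TABLE\b", re.I), "drops a table"),
    (re.compile(r"\bDROP\s+COLUMN\b", re.I), "drops a column (data loss, no undo)"),
    (re.compile(r"\bTRUNCATE\b", re.I), "truncates a table"),
    (re.compile(r"\bRENAME\s+(?:COLUMN|TO)\b", re.I), "renames (running code still uses the old name)"),
    (re.compile(r"\bSET\s+NOT\s+NULL\b", re.I), "adds NOT NULL (fails or blocks if rows hold NULL)"),
    (re.compile(r"^\s*DELETE\s+FROM\s+\w+\s*$", re.I), "DELETE without WHERE"),
]


def split_statements(sql: str) -> list[str]:
    """Strip -- comments and split on ';' (enough for plain migration files)."""
    without_comments = re.sub(r"--[^\n]*", "", sql)
    return [s.strip() for s in without_comments.split(";") if s.strip()]


def lint_up(up_sql: str) -> list[str]:
    """One finding per destructive statement in the forward migration."""
    findings = []
    for stmt in split_statements(up_sql):
        for pattern, why in DESTRUCTIVE:
            if pattern.search(stmt):
                findings.append(f"{why}: {stmt.splitlines()[0][:60]}")
    return findings


def gate(up_sql: str, down_sql: str | None, *, staging_passed: bool,
         approved_by: str | None) -> tuple[bool, list[str]]:
    """Return (may_run_on_production, reasons).

    Down migrations are destructive by nature, so only the up migration is
    linted; the down migration must simply exist, because it is the
    rollback plan. Findings are informational once a human has approved
    them; blockers are never waivable.
    """
    findings = lint_up(up_sql)
    blockers = []
    if not (down_sql and split_statements(down_sql)):
        blockers.append("no down migration: rollback plan is missing")
    if not staging_passed:
        blockers.append("not run against staging with production-like data")
    if findings and approved_by is None:
        blockers.append("destructive statements need a named human approver")
    return (not blockers, findings + blockers)


# Constructed "assistant output": collapses two columns into one in a single step.
ASSISTANT_UP = """
-- generated: merge first_name/last_name into full_name
ALTER TABLE users ADD COLUMN full_name TEXT;
UPDATE users SET full_name = first_name || ' ' || last_name;
ALTER TABLE users DROP COLUMN first_name;
ALTER TABLE users DROP COLUMN last_name;
ALTER TABLE users ALTER COLUMN full_name SET NOT NULL;
"""

# The expand step of an expand/contract rollout: additive only, with a rollback.
SAFE_UP = """
ALTER TABLE users ADD COLUMN full_name TEXT;
UPDATE users SET full_name = first_name || ' ' || last_name WHERE full_name IS NULL;
"""
SAFE_DOWN = "ALTER TABLE users DROP COLUMN full_name;"

if __name__ == "__main__":
    ok, reasons = gate(ASSISTANT_UP, None, staging_passed=True, approved_by=None)
    print("assistant migration may run:", ok)
    for r in reasons:
        print("  -", r)
```

The safe variant ships the additive half now and the column drops in a later migration, after the application no longer reads the old columns; that is the rollback plan the answer asks for, expressed as schema changes rather than as a promise.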

One report. Every framework.

The /drill-report command generates a PDF with HMAC-SHA256 signed audit logs, timestamped completion records, and team score breakdowns — mapped to the compliance frameworks your auditors care about.

Timestamped completion records per employee
HMAC-SHA256 signed audit log
Team and individual score breakdown
Role-based participation summary
Training module metadata
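How a signed, tamper-evident audit log of the kind this report and the SOC 2 entry in the FAQ describe can be built, as an added example written for this page and not Drill's implementation: each entry carries an HMAC-SHA256 tag computed over its own fields plus the previous entry's tag, so editing, deleting or reordering any record breaks verification from that point on. The key and the completion records are constructed. One caveat worth knowing before handing such a log to an auditor: an HMAC can only be verified by someone holding the key, so unless the auditor is given it (or the tags are additionally covered by a public-key signature), the verification is performed by the same party that produced the log.

```python
"""Hash-chained, HMAC-SHA256 signed audit log.

Added example of the technique, not Drill's implementation. The key and
the records are constructed for the demonstration.
"""
from __future__ import annotations

import hashlib
import hmac
import json

GENESIS = "0" * 64          # "previous tag" for the first entry
KEY = b"constructed-demo-key-not-for-production"


def _canonical(record: dict) -> bytes:
    # Stable serialization: verification must hash exactly the bytes that were signed.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append(log: list[dict], key: bytes, event: dict) -> dict:
    """Sign `event` together with its position and the previous tag, then append it."""
    prev = log[-1]["tag"] if log else GENESIS
    entry = {"seq": len(log), "prev": prev, **event}
    tag = hmac.new(key, _canonical(entry), hashlib.sha256).hexdigest()
    signed = {**entry, "tag": tag}
    log.append(signed)
    return signed


def verify(log: list[dict], key: bytes) -> tuple[bool, int | None]:
    """Return (ok, index of the first bad entry).

    Three things are checked per entry: its sequence number (catches
    deletion and reordering), its link to the previous tag (catches
    splicing), and its own tag (catches edits and a wrong key).
    """
    prev = GENESIS
    for i, signed in enumerate(log):
        entry = {k: v for k, v in signed.items() if k != "tag"}
        if entry.get("seq") != i or entry.get("prev") != prev:
            return False, i
        expected = hmac.new(key, _canonical(entry), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signed.get("tag", "")):
            return False, i
        prev = signed["tag"]
    return True, None


def build_sample_log() -> list[dict]:
    """Three constructed drill-completion records (user IDs are made up)."""
    log: list[dict] = []
    append(log, KEY, {"user": "U01AAA", "event": "drill_completed", "score": 9,
                      "ts": "2025-09-01T10:02:11Z"})
    append(log, KEY, {"user": "U01BBB", "event": "drill_completed", "score": 7,
                      "ts": "2025-09-01T10:05:47Z"})
    append(log, KEY, {"user": "U01CCC", "event": "drill_completed", "score": 10,
                      "ts": "2025-09-01T10:09:03Z"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify(log, KEY))
    edited = [dict(e) for e in log]
    edited[1]["score"] = 10                 # bump a score after the fact
    print("score edited:", verify(edited, KEY))
    print("entry deleted:", verify([log[0], log[2]], KEY))
```

Because each tag covers the previous one, an attacker who can rewrite the store still has to re-sign every later entry, which requires the key; keeping that key out of the database that holds the log is what makes the chain meaningful.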

SOC 2 Type II

CC9.9, CC1.4

ISO 27001

A.6.3

GDPR

Article 39(1)(b)

HIPAA

45 CFR § 164.308(a)(5)

Engagement you can measure. Evidence your auditor accepts.

"We went from 40% completion on our old LMS to 90%+ with Drill. Our SOC 2 auditor accepted the PDF report without any follow-up questions."


Head of Engineering

Series B SaaS

"I was skeptical engineers would do this voluntarily. They actually compete for the leaderboard position. Highest training engagement we've ever had."


Director of Information Security

FinTech Startup

"I used to spend 3 hours chasing people every compliance cycle. Now I run /drill-report and I'm done in 10 seconds."


Head of People

Healthcare SaaS, 120 employees

Simple, transparent pricing.

Start free. Upgrade when you grow. No per-module fees, no seat-based upsells.

Starter

$0

free forever

Up to 5 Slack members

Full security training. Zero cost. No credit card required.

  • Role-based tracks — engineer & non-tech
  • Content refreshed annually with real incidents
  • Compliance-grade PDF reports
  • Automated training reminders
  • HMAC-signed audit logs
Add to Slack — Free
Most flexible

Growth

$1

per user · per drill

Teams above 5 members · Unlimited

Pay only for what you run. No subscriptions. No minimums.

e.g. 10 users × 4 quarterly drills = $40/year

  • Everything in Starter
  • Unlimited Slack members
  • Priority support
  • Custom drill schedules
  • Branded PDF reports
  • Custom question modules
Get Started →

Need a custom plan? Email drill@sniffsec.com

Questions before you install.

What Slack permissions does Drill request?

Only the three scopes it needs: commands (register slash commands), chat:write (send drill DMs to users who start a drill), and users:read (read the profile job title to assign the role-based track). We never request access to channels, message history, or file storage.

Does Drill read our Slack messages?

No. We do not have channels:history, groups:history, or im:history scopes. We cannot read any messages — public, private, or direct. The only messages we send are the ones your team explicitly triggers by running /start-drill.

How is employee data stored and encrypted?

Slack User IDs and email addresses are encrypted at rest using AES-256-CBC. We store drill scores, completion timestamps, and HMAC-signed audit logs. We do not store message content, file attachments, or any workspace data beyond what is needed for compliance reporting.

Can I use Drill for SOC 2 compliance evidence?

Yes. PDF reports include timestamped completion records, team and individual score breakdowns, and HMAC-SHA256 signed audit logs that are tamper-evident. Maps directly to SOC 2 Type II CC9.9 and CC1.4.

What happens to our data if we uninstall?

All workspace data — user records, drill scores, audit logs — is permanently deleted within 30 days of uninstalling. You can request immediate deletion by emailing drill@sniffsec.com.

How often is training content updated?

New drill modules are released annually, grounded in real security incidents. AI-generated questions are reviewed by a human security expert before release. Your team will never see the same question set twice.

Can we customize questions for our company?

Custom question modules are available on Growth. Add company-specific scenarios, internal tool references, or industry-specific threat vectors. Contact us to discuss requirements.

What's the difference between Starter and Growth?

Starter is completely free for teams up to 5 Slack members and includes all core features — role-based training, PDF reports, reminders, and audit logs. Growth supports unlimited members at $1 per user per drill (e.g., 10 users × 4 quarterly drills = $40/year).

Your team is one /start-drill away.

Free for teams up to 5. No credit card. 2-minute setup. Compliance-ready from day one.

Add to Slack — Free · Talk to us