← All Builds DAY 5 OF 30

CyberSavi Academy

Cyber Security / MSP — Training & Awareness · Next.js 14 · AWS App Runner · DynamoDB · Claude Sonnet 4.5 via Bedrock · S3 + CloudFront video · SCORM 1.2 + xAPI · Cognito · Stripe · 70h build
LIVE https://cybersaviacademy.com

Day 5 of 30

Day 5 of the CyberSavi family arc. CyberSavi Academy — cybersaviacademy.com — is live. Training layer of the stack.

The MSP runs the SecureStackScan assessment. CompliancePulse closes the technical gaps. CyberSavi Academy handles the gaps that aren’t technical — the ones that walk in through the front door and click on a phishing link.

What it does

CyberSavi Academy is a multi-tenant security awareness training platform built for the MSP channel. Every end-client gets a branded learning environment under the MSP’s domain, scoped to that client’s industry and risk profile. The training catalog covers the standard awareness fare (phishing, password hygiene, social engineering, mobile device security) plus role-specific modules (executives get business-email-compromise training, clinicians get HIPAA-handling, finance staff get wire-fraud and ACH-takeover).

Three things make this a real product instead of compliance theater:

1. The training is dynamic, not pre-recorded. Modules are assembled on the fly using Claude Sonnet 4.5 against the latest threat intelligence — when a new phishing campaign hits the wild, the training reflects it within 48 hours. Not “we updated the deck quarterly.”

2. It integrates with CompliancePulse. When the compliance engine flags an MFA failure for a specific user, that user gets assigned the MFA training module the same day. Training is a remediation action, not a calendar event.

3. The reporting is auditor-grade. SCORM 1.2 + xAPI on the back end, completion certificates with cryptographic signatures, evidence packages that drop directly into the auditor’s review folder. CyberSavi Academy proves the training happened, who took it, when, and what they got right.

The product is in production, used inside the CyberSavi family of MSPs.

Why Day 5

The CyberSavi family week is structured so that each day adds one layer to the stack: assess, secure egress, run continuous compliance, train. Day 5 is the human layer.

Cybersecurity people often dismiss training as the “people are the weakest link” cliché. The reality is more interesting: when training is an automated remediation step tied to actual control failures, the click-through rate on simulated phishing drops 40-60% inside three months. That’s not awareness theater. That’s a measurable risk-reduction control.

CyberSavi Academy exists to make that measurable risk-reduction the default behavior of any MSP running the CyberSavi stack.

The Velocity Process notes

What Claude Code handled: the entire Academy engine (multi-tenant module assignment, progress tracking, certificate issuance), the SCORM 1.2 + xAPI compliance (these standards are 20+ years old and the spec is dense — Claude Code consumed it and produced clean implementations), the auto-assignment hooks from CompliancePulse, the dynamic-module generation pipeline against fresh threat intel, the AWS App Runner deployment via VelocityStack.

What required human judgement: the choice to support SCORM 1.2 specifically (and not SCORM 2004 — SCORM 1.2 is what actual MSPs and their auditor toolchains expect, even though 2004 is technically newer), the decision to ship dynamic training modules instead of a pre-recorded library (more risk operationally, but the only honest answer to “is this content current”), and the call to make completion certificates cryptographically signed (most LMS platforms ship plaintext PDFs that auditors stopped trusting around 2018).

What broke: UGH…scaling SES on AWS. breaking out of the sandbox is still a process and we missed an initial validation email which put this project and sibling projects in the penalty box. Lesson learned: make sure you have an overall admin email to catch all CC: emails on critical notifications.

The CyberSavi family arc continues

  • Day 1: SecureStackScan — find the gaps.
  • Day 4: CompliancePulse — close and monitor them continuously.
  • Day 5 (today): CyberSavi Academy — train the people the gaps walk through.
  • Day 6: CyberSavIQ — personal/reputation layer.
  • Day 8: GovernAI — AI governance overlay for the EU AI Act moment.

What’s next this week

  • Day 6 (Wed May 6): CyberSavIQ — Internet Dossier + LLM Perception Report.
  • Day 7 (Thu May 7): Theme essay — EU AI Act 2026.
  • Day 8 (Fri May 8): GovernAI — closes the cluster.

Want to talk

If you run an MSP / vCISO / fractional CISO and need a training layer that isn’t compliance theater — book 30 minutes. CyberSavi Academy is in production and onboarding new MSP partners now.

Live Product →