DON'T TAKE THE BAIT
Created by The Project Cheesecake Team
on behalf of
Insightful Phish is a web-based cybersecurity awareness and training platform that helps individual trainees and organisations learn how to recognise and respond to common cyber threats, especially phishing attacks.
The platform vision combines realistic attack simulations with interactive training to create a practical learning experience. In later demos, organisation admins should be able to build campaign-based training from reusable simulated inboxes, training documents, quizzes, and richer simulation components. The system can then track trainee interactions safely and provide feedback to help trainees improve.
In addition to simulations, the platform uses training material and quizzes to teach trainees how to identify suspicious behaviour, avoid common mistakes, and build better security habits.
To support organisations, Insightful Phish is intended to provide future reporting and insights that highlight trainee progress, campaign completion, quiz results, risky behaviour, and organisation-level risk. These reporting dashboards are later-demo direction, not part of the current Demo 1 trainee flow.
By focusing on human behaviour, the most common source of security breaches, the platform helps individuals and organisations reduce risk and build a stronger security culture.
DON'T TAKE THE BAIT. LEARN TO SPOT IT.
Demo 1 is an early local prototype of the trainee journey. It is not a complete final SRS or full-year platform implementation.
- View and open seeded simulated inbox emails
- View seeded training material
- Complete a simple quiz flow and view results
- Login, logout, and register
- Form (login and register) and payload validation
- Basic theme, navigation (sidebar), and trainee-facing feedback states (e.g., training material or quizzes started, not stated, etc.)
Future platform direction includes organisation admin campaign builders, trainee/user management, reporting dashboards, real email delivery to actual inboxes, AI-assisted content generation, and advanced simulations such as fake login pages, richer link/attachment interactions, calls, or password-checker activities. Real email delivery must be opt-in and ethically constrained. AI-assisted generation remains future-facing and would require controlled schemas, prepared context, and review; training a custom model is undecided and is not promised.
Demo 1 runs locally. Deployment to Southern Cross infrastructure is a later target.
- Project Board: https://developer.insightfulphish.co.za/repository/project-board
- Project Issues: https://developer.insightfulphish.co.za/repository/issues
- Project Pull Requests: https://developer.insightfulphish.co.za/repository/pull-requests
- Functional Requirements (SRS): docs/demo1/SRS.md
- API Contracts: docs/demo1/API.md
- Architecture: docs/demo1/architecture.md
- Traceability: docs/demo1/traceability.md
- Testing Plan: docs/demo1/testing.md
- Design Specification: docs/demo1/DESIGN.md
- Diagrams: docs/demo1/diagrams/README.md
- Wireframes: docs/demo1/wireframes/README.md
- Demo 1 Video: YouTube
This repository is organised as a pnpm workspace monorepo:
apps/frontend: React, Vite, and TypeScript trainee-facing frontendapps/backend: Express, TypeScript, Prisma, and PostgreSQL backendpackages/shared: Shared TypeScript types and validation contracts
The project uses a lightweight feature-branch workflow with dev as the integration branch and main as the stable branch. Developers create short-lived feature/*, fix/*, chore/*, or docs/* branches from dev, open pull requests back into dev, and promote stable milestone work from dev to main.
|
|||
|
|||
|
|||
|
|||
|
While roles are clearly defined, the team will work collaboratively across different areas of the system. Members will support one another where needed, ensuring flexibility and consistent progress throughout the project.
teamcontact@projectcheesecake.co.za








