Unlocking HootScore: Your Ultimate Guide to Mastering User Scoring

Welcome to your go-to resource for understanding and leveraging the HootScore system. This guide will walk you through the ins and outs of user scoring, helping you configure and monitor it like a pro for your organization.

What is HootScore?

The HootScore is a powerful metric, ranging from 0 to 100, that reflects a user’s engagement with their assigned security training. It combines multiple training components into a single, easy-to-understand score. This allows you to quickly identify top performers and those who might need a little extra help.

Breaking Down the Score Components

The HootScore system includes up to four main components, plus an adjustment for real-world phishing failures. Each component corresponds to a specific type of training activity:

Phishing: Simulated phishing tests assigned to the user.
Video: Security awareness training videos that the user must watch and complete.
Policy: Required company policies that the user must read and acknowledge.
Optional: Additional or supplemental training modules that you may choose to assign, which the end user is not required to complete.
AttackPhish: An adjustment factor based on whether the user has failed real phishing tests recently.

Enabling Components

The components included in scoring depend on your account and settings configuration.

For Autopilot Users:

You can enable or disable components for each customer:

Video: Enabled by activating the Video Power-Up.
Phishing: Enabled by activating the HootPhish Power-Up.
AttackPhish: Enabled by activating the AttackPhish Power-Up.

Note: Optional or policy assignments are not currently available in Power-Up and will not be included in the user’s HootScore.

For Power Users:

All components are included by default. Scores are only affected by the components that are used.

Calculating Scores

The system calculates scores through a series of steps:

Identify Enabled Components: The system checks which modules are active for each customer.
Gather User Data: For each active module, it counts assignments, checks completions and timeliness, counts attempts, and calculates an average score. Late submissions and extra attempts slightly lower the component score, and real phishing failures lower the AttackPhish adjustment.
Apply Component Weights: The final HootScore combines the components using default weights that adjust automatically depending on which components are enabled.
Adjust for Real Phishing Failures: If AttackPhish is active, recent failures reduce the final score by up to 10%. Older failures have a lesser impact or none at all.
Cap at 100: The final calculated score is always limited to a maximum of 100.

Data Available to Administrators

When you check a user’s score, you will see detailed information including:

HootScore: Overall score (0–100).
Phishing Score: Score for phishing training.
Video Score: Score for videos.
Policy Score: Score for policy acknowledgments.
Optional Score: Score for extra training.
AttackPhish Score: Score for real phishing failures.
Completed Assignments: Total number of assignments completed.
Num Attempts: Total attempts the user made across all assignments.
AttackPhish Failures: Number of phishing test failures.
Late Submissions: Number of late submissions.

Making the Most of the Information

Use the HootScore to quickly spot users who need reminders or additional help. Users can see their HootScores and rankings in the ‘My Cyber Rank’ tab on their assignments dashboard. Here, they can compare their scores against other users in their company and view detailed scoring history with recommendations for improvement.

Autopilot administrators can see user rankings and HootScore details by viewing the ‘HootRanks’ page, found in the ‘Next?’ section under a customer’s users. Review which components are enabled for each customer to ensure your training program fits your needs and adjust Power-Ups as needed to include or exclude specific modules.

For further assistance, contact our support team if you have questions about configuring Power-Ups, enabling or disabling components, or interpreting scores.