The vulnerability of users to social engineering is well known, however very few techniques have been developed to successfully mitigate the threats users unwittingly expose our infrastructure to. Annual training and awareness campaigns have done little keep users vigilant against the many forms social engineering, especially phishing emails. Phishing is regarded as one of the most effective social engineering attacks. In this paper we describe an effort to increase the awareness of users through a campaign of training, policies, and assessment.