Glory Okwata, Mohammad A. Razzaque
Cybersecurity awareness training has historically adopted a one-size-fits-all approach, despite established individual differences in how users process and retain security information. Personality has been proposed as one axis along which training content might be tailored; yet no prior study has implemented and empirically evaluated a complete personality-conditional system end-to-end. This paper reports the design, implementation, and quasi-experimental evaluation of \emph{TailoredSec}, a mobile cybersecurity awareness application that routes training content based on a user's dominant Five-Factor Model (FFM) personality trait, as measured by the ten-item Big Five Inventory (BFI-10). Seventy-four UK-based adults were allocated to a traditional video-training condition ($n = 40$) or a personality-conditional condition ($n = 34$). Both groups completed a four-item scenario-based pre-assessment (scored 0--40), a single training session, and an equivalent post-assessment. The personality-conditional group additionally completed the BFI-10 (Big Five Inventory-10) and was routed to one of four training modules covering five FFM traits (Conscientiousness and Neuroticism share a module). Pre-assessment scores did not differ between groups ($t(69.1) = 0.43$, $p = .67$), confirming baseline equivalence. The personality-conditional group scored significantly higher on the post-assessment ($M = 35.88$, $SD = 5.00$ vs $M = 30.75$, $SD = 10.23$; Welch's $t(58.5) = 2.81$, $p = .007$; Cohen's $d = 0.62$; 95\% CI $[1.47, 8.79]$ marks), with a pass-rate of 100\% versus 77.5\% (Fisher's exact $p < .01$). These results offer preliminary support for personality-conditional content routing as a feasible design principle for cybersecurity awareness training.