Training your Culture to Prevent Cyber Security Risks

Calavista Conversations

Content provided by Calavista and Sloan Foster. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Calavista and Sloan Foster or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

6y ago 13:21

MP3•Episode home

Sloan Foster interviews Co-Founder and CEO of Living Security, Ashley Rose to discuss the value of making training part of company culture to mitigate cyber risk. Living Security has created a gamification platform to train organizations to be more aware of ways companies can be hacked from phishing expeditions to simple password policies. Living Security specializes in metric driven and engaging security awareness solutions that reduce risk by increasing security culture and changing employee behavior.

Learn more about Living Security here
Follow Living Security on Twitter
Follow Living Security on Linkedin

Podcast Transcript as follows:

Sloan Foster: 00:32
Hello and welcome to Calavista Conversations with Living Security. Today we have Ashley Rose, Founder, and CEO of Living Security. Ashley is a serial entrepreneur. She was the former Founder of Bella Bear Wear swimwear for girls that she successfully launched through Kickstarter. She has experience in product design, development and launch marketing, sales and social media engagement. She moved to Austin in 2014 and launched her career in technology, gaining experience and technical project management, quality assurance, and the agile development process. She holds a Bachelor's of Business Administration from the University of Michigan. Her passions or family, health and personal development through new experiences. I might also add, she's a mom of three. Welcome, Ashley. Thanks for joining us today. So I'm happy to be here. So tell us a little bit about Living Security. What problem are you trying to solve?

Ashley Rose: 01:24
Cybercrime is expected to cost the world over 6 trillion by 2021. And what many people don't know is that a majority, some statistics say as much as 95%, of these breaches, are caused by human error. People making mistakes. Doing something that they should not be doing that then they shouldn't be doing or doing something that they shouldn't be doing. And historically, the way companies have tried to solve this problem is through an annual compliance training done for seminars or one-size-fits-all PowerPoint training. And what we know is that this type of training does not change behavior because breaches are still occurring. So Living Security was launched, we use immersive and gamified learning techniques to engage employees with the concepts to increase retention of the material and positively reinforce good security behaviors and just as important as providing a more effective training program to the employees are also solving the gap of insight into the human risks for the organization. Our platform is built on a foundation of metrics that looks human risk across multiple facets. We knew this was important to not only provide an ROI for our product, for our customers but to allow them to target training in the areas that needed it most.

Sloan Foster: 02:35
Well, that certainly sounds exciting. So tell me a little bit more about what led you to this idea and the genesis of it. It seems like a very complicated field, one where a lot of people are trying to solve problems in it. We know problems continually exists. So why did you decide now's the time for this?

Ashley Rose: 02:53
So I can't really take credit for the ideation of Living Security. Drew, my husband and my Co-Founder, he's been in IT and security for the last 10 years. The gap between training and behavior change was really first noticed during the time he spent in the Army. He was actually firing people for making mistakes when he really felt that there needed to be a greater investment in the training for the people. So when he moved into the private sector and had the opportunity to build his own program, he took an unscalable approach to training. He actually created board games and started playing them with employees really to form the relationship with the security team and to make them better, to help them to better understand the difficult security concepts.

Sloan Foster: 03:35
So your MVP at the end of the day was a board game that now you're taking into an immersive platform. How many people have you trained first on that board game and the Living Security Escape Room?

Ashley Rose: 03:47
The board game really launched us into this idea of the Living Security Escape Room, which is what we took to market originally. We take cybersecurity concepts and we immerse them into a highly engaging training experience that you can play as a team. We've trained thousands of people through this in-person training exercise. And the Escape Room was really our way to test out our hypotheses and prove out product-market fit. So we run the Escape Room on-site for clients and at security conferences all over the country and everyone loves it. And then, like you said, we're launching our platform Cyber Escape in August, which will scale the immersion engagement insight to thousands of organizations and hopefully millions of people.

Sloan Foster: 04:26
Ashley, where was the point that you decided you needed to scale those from a physical Escape Room to a platform or software product that you can take to the masses?

Ashley Rose: 04:36
So we even knew before launching the Escape Room that we were going to need to do something at some point to scale this to more employees. The Escape Room we were able to again test out our hypotheses. Find product [and] market fit and validation that all of our clients are loving this. Their biggest complaint is, "hey, we've got tens of thousands, 50,000 employees and we can't train them all through this Escape Room." And so through that experience, we were able to work with these customers and clients and figure out what is the best way to scale the same immersive experience that they were able to give these small group of employees through the Escape Room into something that could be larger.

Sloan Foster: 05:13
Great. So you realized during that process that while you and Drew understood cybersecurity and cybersecurity risk and prevention well. You may not know how to implement the actual technology platform, which is why you enlisted Calavista. Is that a fair assessment? And in that process, what made you decide Calavista over some of the other development teams out there?

Ashley Rose: 05:38
Yeah, because we were already working with some really important clients. October is actually Cybersecurity Awareness Month. We knew that that could be a really high value add to these clients by getting them something like our cybersecurity platform in October. So time-to-market and of course releasing a quality were really critical for us. And those were also the two biggest factors and reasons we chose Calavista. You know, we talked to you guys initially and your industry high success rate of on-time and on-budget really stuck out, and then you guys also came really highly referred from another customer that's in the cybersecurity space.

Sloan Foster: 06:15
Which is Cybernance who we also have a podcast with. You can check that out, that's podcast number two. Just for those keeping track at home. So how are you on track right now for product development, launch? I know you just got back from RSA and some other big conferences. So tell me a little bit about what your, where you are right now and where you expect to be.

Ashley Rose: 06:38
Yeah, so we're, we're on time, on target for launch this August. Again, October is really critical for us being national Cybersecurity Awareness Month. A lot of organizations that we're working with make a big push for their security awareness program and so we already have a lot of companies that are signed up to pilot this, though this platform in that month. And so yeah, everything's been going extremely well. We're really happy with our choice of Calavista and really excited that we're going to be able to offer them this valuable product on-time.

Sloan Foster: 07:07
And when you launch in October, what do you expect the splash to be? I know you've had quite a bit of traction and a lot of people excited about this product.

Ashley Rose: 07:17
Yeah. So we already have close to 45 companies signed up to pilot this. We have a couple customers that are pre-paying for the platform. So we're looking at between 20-30,000 users on our platform come October.

Sloan Foster: 07:31
Those represent companies that understand this need, where their human element has impacted their corporate cyber risk at some level. And understand that you can help solve that through this immersive training program for their employees, right?

Ashley Rose: 07:45
Yes, absolutely.

Sloan Foster: 07:47
So, this is not your first rodeo. You've been a serial entrepreneur. I like to say if you've done more than one and you're considered that. Some other people might have a different definition, but nonetheless, you've been down this road before at some level. What advice would you have for other founders who have an idea and want to bring something to market?

Ashley Rose: 08:08
Yeah. So get out and start talking to your potential customers as soon as possible. The more you know about your market and their pain-points the better you will be able to address them through your product. So we were fortunate we were able to work with some really awesome customers as design partners and the product certainly helped us mitigate a lot of risks.

Sloan Foster: 08:26
Great. And what do you think are the critical components for a successful launch of your platform?

Ashley Rose: 08:32
So we already talked about some of the big ones already. Time-to-market and delivering a quality product. We were able to find a product-market fit with an immersive training experience at the Escape Room and ensuring that we can digitize that to scale without losing the experience is critical. So our design partners and user testing are helping us to ensure that that is a success. And then lastly, I would say the execution of our go-to-market strategy. So we have a highly capital efficient strategy right now taking the Escape Room to conferences as a way of getting new clients and that's proven out to be really successful with our first product. And so we're going to continue to assess and adapt during and after the launch of our platform.

Sloan Foster: 09:12
Great. So I'm going to ask you a couple of more detailed questions about the platform because I don't think we've given enough for people to be kind of wet their appetite, but not giving them a full meal here. So what is your platform going to be in Phase One? What's the capability of doing? How are you going to address some of the issues going on in the market? As you said, 95% of problems are due to human error. So what do you ultimately, what's the detail or nugget that you're actually solving to help mitigate some of that?

Ashley Rose: 09:40
Yeah, so the first version of the platform is going to really be addressing the all-around critical security awareness issues. I'm talking about password security, IoT device, and default credentials and of course phishing links, and the way that we're differentiating ourselves from our competition is through these really highly immersive storylines. So people are actually taking part in the experience and they're part of solving the problem. We've also integrated some different many challenges and puzzles and to them to keep that engagement going, and also incorporating the gamification factor of developing points and being able to play as a team and then keeping score through a leaderboard to keep motivating them to progress through the story.

Sloan Foster: 10:25
How many companies are you hoping to scale those to? You want to touch every major company. What's your sweet spot of companies that would actually use this platform?

Ashley Rose: 10:34
We're really targeting the high compliance regulated industries. The ones that are most greatly affected by breaches, so people on the financial services, government, retail, manufacturing and education, the ones that have the most to lose by the risk of a data breach.

Sloan Foster: 10:53
The way that you're actually, you're business model is an actual software-as-a-service where it's a monthly fee, monthly recurring fee for you to be able to go, your employees be able to go in and engage on a real-time, continuous basis at this level and continue the education throughout the year. Not just at one time when they get given a test or something like that.

Ashley Rose: 11:13
Yeah. The first launch of our series will be set up as a four-week campaign. But, what we're really hoping to do is get people actively engaged with security awareness on a continuous approach as you mentioned. There's also some other areas of the business that we can implement our program into. Like HR on-boarding training so that people actually interact with security awareness when they first get into the company and really just help them build that strong culture from the ground up. In Phase Two and then onward, building out the role-based training and be able to really touch on other important areas like privacy. I'm looking at different compliance like PCI and HIPPA. And then, of course, the, insight and our human risk dashboard is going to be our next big push. Being able to start quantifying the risk and looking at different metrics that we can integrate with different technology systems.

Sloan Foster: 12:04
Great. So today if someone wants to get in touch with you and learn more about one, either the physical Escape Room, which I've actually done, I've done it at Innotech Austin last year and loved it. I'm not a techie. I just play one on tv, or the radio in this case and really enjoyed the interaction part of it and the team building. But so I wanted to learn about that and then also learn more about your platform. Where can they learn more?

Ashley Rose: 12:29
Yep. So we have a website, www.livingsecurity.com. Also, please feel free to email me. It's ashley.rose@livingsecurity.com.

Sloan Foster: 12:39
All right, Ashley. Thank you so much for joining us today and we're happy to be working with you and see great success with your product and excited to be a part of it. So thank you very much.

Ashley Rose: 12:49
Thank you, Sloan.

5 episodes

#Tech #Business #Technology #Software Development #Software Testing #Java #Agile #Continuous Development #Austin #Sloan Foster #Calavista #Startup #DevOps