Exclusive Interview: Living Security CEO, Ashley Rose
In November of 2018, the Proven Data team had the opportunity to participate in the Living Security Escape Room challenge at the Infosecurity North America conference in New York City. The focus of their security training program is to have employees engage in data security challenges that help spotlight awareness via learning experiences. Fundamentals of the challenge require problem solving and teamwork to work through the obstacles and collect clues. The program highlights various security incidents businesses can face such as phishing, password compromises, and data breaches. It is such an informative and entertaining event that must be experienced to truly enjoy!
After having a positive experience with the challenge, we’ve decided to collaborate with our colleague Ashley Rose, CEO & Co-Founder at Living Security, to explore into this emerging security training experience! Here is our exclusive interview:
When did Living Security come to life, and why do you feel such a strong connection to security awareness experiences?
“Our team is made up of security practitioners, subject matter experts, entrepreneurs and builders. The idea stemmed from having first hand experience with the problem while Drew was the security program owner at multiple organizations throughout his career. When searching for a better solution and a way to engage his users with cybersecurity, his passion for people and fun led him to building a program that was focused on the person instead of just meeting compliance. It’s proven that people learn and retain information when they are engaged and active in learning. This left an opportunity for us to meet a huge need in the market and make an impact on not only the enterprise, but people’s lives.”
How is your team researching & developing new training exercises as cyber threats continue to evolve and change?
“Short-answer: by being observant storytellers. Our intelligence team uses automated open-source intelligence (OSINT) feeds to collect information on emerging threats, vulnerabilities and technologies. Then, we apply the appropriate content tags, analyze the information to produce intelligence, break the intelligence down into its constituent parts and develop a story. Each one of our training exercises is a patchwork of intelligence stories woven together, influenced by each client’s unique cultural fabric. Said another way, we turn tradecraft knowledge into the kind of story our audience will appreciate and understand. Intelligence drives everything we do.”
What are the different responses you get from clients and security professionals after they complete the challenges?
“We asked our clients to describe Living Security in three words, and overwhelmingly the response was, “Engaging” “Immersive” and “Fun”! Both our in person escape room and online Cyber Escape platform, bring cybersecurity to life in a way that has never been done before. This quote from our client describes the way we form parallels between what the users are interacting with and the risks and threats they face in real life: It’s a fun way to raise cybersecurity awareness, and to demonstrate how cyber criminals use different types of methods to mislead you into giving up sensitive information. You see the red flags that indicate a phishing email with malicious intent and players were reminded how important it is to protect their passwords.
Just as important as our client feedback, the users, the ones we are working so hard to reach to truly make an impact reducing risk for our clients, give us the same positive response. 96% surveyed say they want to take our training again, and a survey sent out by our client received 100% responding that if our program was offered as an optional training, they would sign up. When’s the last time you heard of employees signing up to take additional cybersecurity training?!”
What can we expect from your team in 2019?
“We knew when we launched Living Security that we needed to solve two gaps in the market in order to create the most effective program. We have been very successful at creating immersive cybersecurity training that gets users engaged. In 2019 we are focusing in diving in the the data. Our program has been designed in a way where we are capturing industry first data points on risk, susceptibility and security culture. By combining these metrics with behavior data we are generating unique insight to help program owners refine their program and train the right people on the concepts and threats that will make the most impact on risk reduction and take their security program to the next level.”
Thank you to Ashley Rose and the Living Security Team!