Cybersecurity is arguably one of the hottest technology sectors today. Venture capital funds invest millions of dollars into startups while most companies tout the benefits of zero trust and secure application access. What often gets lost in these conversations is that most of the fallout from phishing and ransomware attacks is a direct result of human error.
That’s why I was particularly interested in speaking with Austin-based Living Security. Founded in my hometown by CEO Ashley Rose in 2017, the startup seeks to take security compliance training to the next level. She and I recently discussed Living Security’s approach of using human risk management to complement an organization’s security infrastructure. Today I would like to share what I find most compelling about the platform.
Moving from compliance to behavioral change
Before jumping into our conversation, it might be helpful to provide some background on Living Security’s origin. Rose’s husband and company cofounder Drew Rose held high-level security access while working with the U.S. federal government on cybersecurity-related endeavors. It quickly became apparent to the couple that it ultimately falls to individuals and groups to ensure effective security endpoint solutions and appliances. Traditionally, this effort was accomplished through computer-based training modules focused on compliance. What the Roses discovered was an opportunity to level up security awareness and drive behavioral change.
Living Security aims to deliver a more targeted, data-centric approach—one that drives a lasting change in human behavior, or “security hygiene.” In the early days of the company’s existence, this involved physical escape room-styled training sessions. Over time, it has transitioned to a Software-as-a-Service platform that offers a wide variety of content, playbooks and campaigns tailored to a customer’s specific needs. All of this is easily accessible via an intuitive dashboard.
The pandemic pivot
Like many other companies during the height of the pandemic, Living Security needed to redefine its go-to-market approach. The company invested heavily in digital capabilities, creating a new virtualized escape room experience in a matter of a few months. The company also launched a phishing simulation service that uses benign employee-directed email to gauge a company’s vulnerability. Phishing is still one of the most challenging scams for IT departments to thwart in corporate environments given the lateral movement of the threat through corporate networks.
Currently waitlisted, Living Security’s Unify platform promises to bring its current teams, training and phishing simulation together to measure and quantify human risk, identify the most significant risks, determine appropriate action and ensure ongoing risk mitigation. The data-centric architecture aims to integrate with some of the largest security endpoint providers via application program interface (API). Today, Unify’s roughly nine integration points include Microsoft and VMware Carbon Black, but many more are purportedly in the works. In my opinion, too many cybersecurity companies take a walled garden approach. There is a reluctance to expose APIs because these companies also want to sell adjacent solutions. Living Security, however, is taking a more open approach, hoping to improve the resiliency of the security infrastructure and SecOps efforts.
Living Security’s vision is to measure, predict and be proactive concerning human security risk management. I am impressed with the company’s progression over its four-year journey and customer wins with companies such as Charles Schwab, CVS, Sony, Target, T-Mobile and others. Ultimate success will lie in the Living Security integrations with security solution providers. If it can overcome that hurdle, it will be a compelling offering that complements the deployment and management of security infrastructure.