Everything You Wanted to Know About Cyber Escape - From Its Creators

Cyber Escape.png

Living Security had a great month running Cyber Escape training games with companies of all sizes! The interactive security training platform is up and running and people are already saying they want to do more training like this. But for those who haven’t had a chance to try Cyber Escape yet, what is it? And how does it make a difference? Ashley and Drew Rose, creators of Cyber Escape, sat down and answered these questions and more...

So, let’s start out with the basics. In your words, what is Cyber Escape?

Cyber Escape is a gamified security awareness training platform. It was created with the trainee in mind: keeping them engaged with a fictional, live-action training series produced with the highest standards of quality. Our training platform keeps people motivated by using behavioral science and bleeding-edge game design, which increases retention of the material and reduces security risk for the organization.

What inspired you to create a gamified platform like this?

For 20 years, security awareness training has remained the same: ineffective and boring. It is a disservice to the trainee, and can actually increase risk by creating a negative security culture within the organization. Training should be fun, challenging, interactive, and memorable, leading to an increase in retention, a change in behavior, and ultimately, a reduction in risk.

Who did you have in mind when you were building Cyber Escape?

There are two parties we had in mind. First, we wanted to give the end user a training program they will WANT to participate in, not just have to participate in. Secondly, we wanted to give the security team metric-driven tools to use within their security awareness program.

What makes Cyber Escape different from other training programs?

Everything about it is exciting and different! Its engaging and interactive nature makes it unique. The motivation it drives for participation, and its lasting impact on retention and security culture make Cyber Escape a must have! When is the last time you heard of a training program being described as “delightful?”

What was the process like in building the Cyber Escape platform?

We started designing Cyber Escape by asking a million questions of our clients. We wanted to ensure that Cyber Escape would provide the value that security awareness program owners are looking for. We then brought in several industry visionaries as design partners, and included them in every major decision. From the script of the first series, to the puzzles the series is built on, to the content and even gameplay, the design partners were essential in helping to build the product as you see it today, and we are very grateful for their participation.

What was your biggest challenge in the process?

Everyone loves games. Designing games that need to intrigue, and capture the attention of everyone can be a very daunting task, but we were excited to accomplish this. We tried our best not to isolate any trainees through the storyline, the characters, the difficulty level of the puzzles, or the design of the platform. Engaging with an expert behavioral designer to make the game-flow simple to understand and work through was essential.  

What has been your biggest win, and what was the most rewarding aspect of the creation process?

We did a survey early on as we were about to launch the platform, and Over 95% of participants surveyed said they wanted to take the training again. This is a huge testament to meeting our goal of building a training platform people actually wanted to use.

What’s next for Cyber Escape?

We have two major value-driven focus areas: expanding our metrics and creating a feedback loop for more targeted role-based training. We believe in looking at human risk from a holistic perspective which includes many different areas of measurement. Through partnerships and integrations we are providing our clients with the ability to customize and automate their metric collection and analysis when it comes to human risk.

Next up in targeted role-based training is Secure Coding and what we call Gatekeeper training. These are the people that guard access to sensitive data, technology, and processes through their daily job functions, such as executives, executive assistants, data owners, program owners, super users, security and IT staff, and more.

Gatekeeper Training will focus on moving training from what threats are and how to properly defend against them, to identification of vulnerabilities and ways to mitigate them before incidents occur, rather than after. Think of it like threat-modeling for the end user.

Well, now that you know how Cyber Escape came to be, why not see it for yourself? Check out the trailer here.

Drew Rose