RUBRIK & LIVING SECURITY
Employees don’t become cybersecurity savvy overnight. It takes strategic education, commitment, creativity, and a team dedicated to the ongoing process of training to ensure companies follow best practices and employees are well-versed in risk mitigation.
When the time came for Vinitha Varadarajan, Head of Governance, Risk and Compliance at Rubrik, to choose a partner for their Cybersecurity Awareness Month (CSAM) training activities, she and the team were excited about the program offerings Living Security provided - especially for a company like Rubrik, who puts a great deal of energy into ongoing education and training for its employees.
Vinitha Varadarajan, Head of Governance, Risk and Compliance at Rubrik
ALIGNING SECURITY CULTURE WITH EDUCATION
Rubrik’s culture has a strong focus on innovation, and Vinitha knew there were unique micro-cultures within the company that view cybersecurity from a different lens. Teams have different backgrounds and levels of experience and expertise with regards to cybersecurity - one size does not fit all. What she knew was that in order to make Cybersecurity Awareness Month as successful as possible was to make it as customized, memorable, and as impactful as possible.
INNOVATION THROUGH CUSTOMIZATION
Rubrik’s security education program, including CSAM, is focused on three key tenets:
- Positive reinforcement - rewards and recognition for good behavior and decisions by users
- Gamification - how to incentivize participation and drive engagement
- Interactive, "in the moment" learning based on user actions.
Rubrik’s corporate security leadership created a security culture and education program that focuses on learning experiences with positive outcomes, which matched what Living Security offered. Vinitha and the team found that most security awareness programs were focused on how to scare or punish employees through check-the-compliance-box trainings, and they knew that Rubrik needed something different, something better.
Living Security’s CSAM solution offered something new, with interactive, fun, memorable trainings and sessions with company-wide leaderboards for gamification.
CULTURE AND MICRO-CULTURE
Some key learnings presented themselves through the CSAM activities. The CyberEscape room participants had varied experience levels and backgrounds which led to different content being focused on and discussed after the sessions. What the Rubrik team found was that engineers who were more tech-savvy discussed social engineering tactics through their escape room and afterward, and were more competitive in chasing the best leaderboard times. The other groups with employees with less technical experience were not as competitive in chasing the lowest completion times, but engaged differently with the content and puzzles, bringing up discussions while actively learning more about how cybersecurity applied to them personally and in their roles.
TAKEAWAYS FROM LEARNING, NOT JUST 'CHECK THE BOX'
One of the favorite sessions, led by Chris Hadnagy, leading cybersecurity author and entrepreneur, talked about password managers. The discussions that spun off from the browser-based vs password manager debate amongst the Rubrik team were informative, lively, and focused on how even with some browser updates that made native browser-based password managers safer, they were not as secure as a true password manager. It helped employees dispel misconceptions and myths about what made for good cybersecurity practice and were directly applicable to their personal lives as well. Living Security’s Family First sessions, focused on providing resources to help keep kids safe online, were a huge hit with the employees as well and they appreciated having cybersecurity practices that they could take back to their family life.
NEXT STEPS FOR INNOVATION AND IMPROVEMENT
One of the key items that Vinitha and the team were excited about was how this year’s CSAM helped kick off a new chapter in the cybersecurity training and awareness program for Rubrik. This was a culture change event and helped dispel the misconceptions about cybersecurity. The improv sessions were among the favorites and participation and engagement from the executive team in these really helped reduce apprehension about security education, while showing that everyone plays a part in helping Rubrik improve their security posture and security culture.
Want to see how Living Security can help you deliver proven, lasting change to your security culture and cybersecurity posture? Check out these valuable, free resources: