Rubrik - A Cybersecurity Awareness Month Success Story
The Client
Living Security's program for cybersecurity awareness month can be tailored to any organization or audience group. It has absolutely changed the way we reach out, train, and have created proven & lasting change at Rubrik.
Khushboo Kashyap
Senior Manager, Security Governance and Risk Management, Rubrik



The Solution
ALIGNING SECURITY CULTURE WITH EDUCATION
Rubrik’s culture has a strong focus on innovation, and Vinitha knew there were unique micro-cultures within the company that view cybersecurity from a different lens. Teams have different backgrounds and levels of experience and expertise with regards to cybersecurity - one size does not fit all. What she knew was that in order to make Cybersecurity Awareness Month as successful as possible was to make it as customized, memorable, and as impactful as possible.
INNOVATION THROUGH CUSTOMIZATION
Rubrik’s security education program, including CSAM, is focused on three key tenets:
- Positive reinforcement - rewards and recognition for good behavior and decisions by users
- Gamification - how to incentivize participation and drive engagement
- Interactive, "in the moment" learning based on user actions.
Rubrik’s corporate security leadership created a security culture and education program that focuses on learning experiences with positive outcomes, which matched what Living Security offered. Vinitha and the team found that most security awareness programs were focused on how to scare or punish employees through check-the-compliance-box trainings, and they knew that Rubrik needed something different, something better.
Living Security’s CSAM solution offered something new, with interactive, fun, memorable trainings and sessions with company-wide leaderboards for gamification.
CULTURE AND MICRO-CULTURE
Some key learnings presented themselves through the CSAM activities. The CyberEscape room participants had varied experience levels and backgrounds which led to different content being focused on and discussed after the sessions. What the Rubrik team found was that engineers who were more tech-savvy discussed social engineering tactics through their escape room and afterward, and were more competitive in chasing the best leaderboard times. The other groups with employees with less technical experience were not as competitive in chasing the lowest completion times, but engaged differently with the content and puzzles, bringing up discussions while actively learning more about how cybersecurity applied to them personally and in their roles.
TAKEAWAYS FROM LEARNING, NOT JUST 'CHECK THE BOX'
One of the favorite sessions talked about password managers. The discussions that spun off from the browser-based vs password manager debate amongst the Rubrik team were informative, lively, and focused on how even with some browser updates that made native browser-based password managers safer, they were not as secure as a true password manager. It helped employees dispel misconceptions and myths about what made for good cybersecurity practice and were directly applicable to their personal lives as well. Living Security’s Family First sessions, focused on providing resources to help keep kids safe online, were a huge hit with the employees as well and they appreciated having cybersecurity practices that they could take back to their family life.
The Experience
NEXT STEPS FOR INNOVATION AND IMPROVEMENT
One of the key items that Vinitha and the team were excited about was how this year’s CSAM helped kick off a new chapter in the cybersecurity training and awareness program for Rubrik. This was a culture change event and helped dispel the misconceptions about cybersecurity. The improv sessions were among the favorites and participation and engagement from the executive team in these really helped reduce apprehension about security education, while showing that everyone plays a part in helping Rubrik improve their security posture and security culture.
Want to see how Living Security can help you deliver proven, lasting change to your security culture and cybersecurity posture? Check out these valuable, free resources:
ABOUT LIVING SECURITY
Living Security is a cybersecurity training company, working to reduce cyber risk through impactful, human-focused training.
Living Security’s focal point is decreasing human error–the greatest cybersecurity risk enterprises face–through immersive and intelligence-driven training solutions. Their science-based approach drives user engagement and reinforces positive security behaviors, integrates threat intelligence to train on the most relevant user-facing threats and delivers metrics that enable companies to measure the effectiveness of the program.