
114 points | BenjaminN | 5 comments

Ahoy Hacker News! I'm Ben, founder of Riot (https://tryriot.com), a tool that sends phishing emails to your team to get them ready for real attacks. It's like a fire drill, but for cybersecurity.

Prior to Riot, I was the co-founder and CTO of a fintech company operating hundreds of millions of euros of transactions every year. We were under attack continuously. I was doing an hour-long security training once a year, but was always curious if my team was really ready for an attack. In fact, it kept me up at night thinking we were spending a lot of money on protecting our app, but none on preparing the employees for social engineering.

So I started a side project at that previous company to test this out. On the first run, 9% of all the employees got scammed. I was pissed, but it convinced me we needed a better way to train employees for cybersecurity attacks. This is what grew into Riot.

For now we are only training for phishing, but our intention is to grow this into a tool that will continuously prepare your team for good practices (don't reuse passwords for example) and upcoming attacks (CEO fraud is next), in a smart way.

Your questions, feedback, and ideas are most welcome. Would love to hear your war stories on phishing scams, and how you train your teams!

1. eggbrain (No.22676964)
How do you work with the service providers you use to host your platform and send out emails (e.g. Heroku / Mailgun) to let them know you are not a malicious phishing company, but an anti-phishing company?

I say this because I ended up reporting the phishing email I received from you guys to Mailgun, and I believe accidentally got your account disabled. Sorry about that.

replies(2): >>22677005 >>22681609
2. BenjaminN (No.22677005)
YES you did!

I called them right after that, and I have to say they've been great so far. We agreed I would pay for a dedicated IP, and they now fully support Riot. And having a dedicated IP is actually better, because you can now remove the unexpected warning on Gmail.

replies(2): >>22680192 >>22680660
3. jujodi (No.22680192)
This is amazing. As long as none of your "unsuspecting" "victims" notice you have a dedicated IP lol
4. mike_d (No.22680660)
Your dedicated IP is going to get flagged as more and more users report it. I run phishing as part of red team exercises and have a constant need for new fresh IPs.
5. ackbar03 (No.22681609)
If you reported their email you probably passed the test anyways