Prior to Riot, I was the co-founder and CTO of a fintech company operating hundreds of millions of euros of transactions every year. We were under attack continuously. I was doing an hour-long security training once a year, but was always curious if my team was really ready for an attack. In fact, it kept me up at night thinking we were spending a lot of money on protecting our app, but none on preparing the employees for social engineering.
So I started a side project at that previous company to test this out. On the first run, 9% of all the employees got scammed. I was pissed, but it convinced me we needed a better way to train employees for cybersecurity attacks. This is what grew into Riot.
For now we are only training for phishing, but our intention is to grow this into a tool that will continuously prepare your team for good practices (don't reuse passwords for example) and upcoming attacks (CEO fraud is next), in a smart way.
Your questions, feedback, and ideas are most welcome. Would love to hear your war stories on phishing scams, and how you train your teams!
1. From Gophish: you need to be technical and you need at least a week off to prepare the attacks. With Riot, you can be sending attacks in a matter of minutes.
2. From KnowBe4, …: those are products made for enterprise companies, that are trying somehow to adapt to smaller companies. Riot is doing the opposite: it was built with smaller companies in mind.
Overall, I think there's a huge need today for product-centric cybersecurity companies, where most of the big players are sales-centric companies.
Totally agreed, and I love this. High five from a Techstars 2020 company doing a similar product-first approach to cyber security program planning and implementation for small businesses. We use Webroot as a vendor to supply phishing right now but would love to talk. brian@havocshield.com