Safety Detectives had the pleasure of interviewing Craig Taylor, a Certified Information Systems Security Professional (CISSP) since 2001 and a 25-year veteran of cybersecurity.
During his career, he has led cybersecurity organizations in Web Hosting (CSC), Finance (JP Morgan Chase), and manufacturing (Vistaprint). Additionally, Craig leads a cybersecurity consultancy delivering virtual Chief Information Security Officer (vCISO) services to more than 30 companies (all sizes and industries). Craig is also a Toastmaster (public speaking), a Rotarian (Portsmouth, NH), and a philanthropist, having raised 100k riding in the Pan Mass Challenge for 10+ years.
We talked about CyberHoot, the cybersecurity training company he co-founded, to learn how it has helped SMBs and MSPs build cyber literacy since 2014, and the benefits that come with improved cybersecurity awareness for both businesses and individuals.
What is your story and how did you come up with the idea of this course?
After many years practicing cybersecurity in corporations, I saw a real need to help Small and Medium-size Businesses (SMBs) build cyber literacy in their people.
Enterprise solutions just don’t work for SMBs, nor do they work for Managed Service Providers (MSPs). Enterprise solutions were too cumbersome, costly, and long. SMBs/MSPs needed friction-free products that accomplished the mission for a lot less time, money, and speed bumps.
Enter CyberHoot, a password-less, open platform, delivering short, entertaining awareness training videos and innovative positive-reinforcement-based phish testing.
While the entire industry is using negative reinforcement phishing tests, we use positive reinforcement, educational, zero administration phish testing. This is what the people want. This is what the MSPs and SMBs want.
Automation, reporting, and high compliance are the hallmarks of CyberHoot’s training and testing platform. There are a myriad of other benefits too including Product Training, Dark Web monitoring and reporting, and even a governance policies module to adopt and deliver password policies, WISPs, or any PDF to your employees for a legally binding signature. In summary, CyberHoot is a Cybersecurity Program Development solution for SMBs and MSPs to adopt.
Who is this course for? (And who is it NOT for?)
CyberHoot is all about Cyber Literacy. Many if not most people are computer literate, meaning they can operate a mouse, keyboard, and email on a daily basis. However, few are Cyber Literate, meaning they know how to do these things safely, confidently, and securely. This puts individuals and businesses at enormous risk. Hackers attack us more often, with more sophisticated attacks, that do more damage, than ever before. Because it is so financially rewarding (just read the news about Ransomware payouts in millions of dollars), more and more hackers are getting involved. This means the cyber literacy skills CyberHoot teaches apply to anyone who operates a computer and owns an email address.
Becoming Cyber Literate means you will be more marketable, productive, and valuable to your employers. It means you will be more effective in your job with lower stress levels processing email confidently, efficiently, and most importantly, securely. Being able to pass phishing and cyber resiliency tests means you will not be a liability to yourself or your employer.
❌ Many employees balk at the 45 min. videos they have to watch in some typical cybersecurity training programs. Others grumble and get sick with anxiety about failing phishing tests and the consequences to their careers for doing so.
✅ CyberHoot alleviates these concerns through its positive reinforcement approach to teaching cyber literacy. Our videos and phishing tests are short (under 5 minutes) in duration. We use a minimum essential approach to teaching you the knowledge you need to stay safe online today.
Best of all, CyberHoot is free for individuals. Our 6-month bootcamp program teaches individuals the Cybersecurity 101 of modern cyber literacy. Companies and MSPs can enroll for a modest cost competitive with the industry. However, no other product has a patent-pending phishing exercise that rewards employees with passing a test, provides close to 100% compliance metrics showing every last employee completed the exercise, and enhances rather than stresses the employee-IT relationship.
Cybersecurity threats are not going away. You cannot afford to ignore cyber literacy for yourself and your employees.
➡️ Enroll in CyberHoot today for a free 30-day trial
Begin your cyber literacy journey and you’ll be more efficient, confident, and secure!
What will people learn in this course?
Cyber Literacy focuses on building a better Human Firewall. With nearly 90% of breaches tied back to human errors, no amount of technology can protect individuals or companies from breaches. You must close the knowledge gap on cyber security threats you face. This is where CyberHoot helps.
CyberHoot teaches the following topics using multiple industry experts:
- Introduction to Hackers, their motivations, methods, and tools.
- How to spot and avoid Social Engineering attacks (phishing, smishing, vishing, and quishing)
- The importance of strong password hygiene and how to achieve it.
- The risks and benefits to Password Managers
- The importance of Multi-Factor Authentication.
- Wi-Fi Insecurities Explained.
To these foundational six topics above, we add various other topics such as Physical Security basics, insider threats, and the dangers of random USB keys you may find. Other topics are added to the curriculum as threats emerge in near real-time.
Cyber Literacy is much like physical fitness. If you try to get fit in a single day-long work-out once a year – what will happen? Best case, you’ll be sore as hell! Worst case, you’ll injure yourself.
Cyber Literacy is a marathon you build over time with monthly exercises that build muscle memory. CyberHoot delivers these topics in short 5 min. videos and quarterly interactive, positive reinforcement-based phishing simulations. Fully 60% of surveyed CyberHooters have said they would miss the training and testing they go through if it went away! That’s a lot of happy people working out in the gym of cyber literacy.
The cost of not educating employees is quite serious. Cybersecurity Ventures estimates the global cost of cyber breaches will be $8 trillion in 2023, growing to $10.5 trillion by 2025. To an SMB or MSP, a ransomware event or business email compromise can lead to tens of thousands of dollars in costs, not to mention reputational damage, client departures, and downtime.
Ben Franklin, when speaking about Fire Prevention in the 1800’s, said it best:
“An ounce of prevention is worth a pound of cure.” Modernized, this statement applies to cybersecurity, literacy, and avoiding breaches.
A little up front effort to train and test your employees goes a long way to reducing risk of compromise.
How is the course structured?
CyberHoot has a time-tested approach to teaching cyber literacy. Since we have eliminated passwords in favor of trainees clicking on a training link unique to them sent to their inbox, CyberHoot sends out a welcome email to each enrolled student. This announces the lack of a login and the requirement to click on a training link from a known training partner. We encourage company leadership to forward this message to all staff ahead of commencing training, to keep staff members from thinking the emailed link is itself a phishing or social engineering attack.
Following the onboarding welcome email’s delivery, training starts the next day with 6 foundational videos as outlined above followed by a monthly video topic. Many topics critical to cybersecurity are repeated around MFA, Password Hygiene, Social engineering, and phishing attacks.
A quarterly interactive phishing assignment is sent out to all enrolled. This teaches how to identify phishing indicators across the seven components of an email:
- Sender
- Subject
- Greeting
- Spelling, punctuation, and grammar
- Urgency or Emotionality
- External Links
- Attachments
These are pieces of a puzzle. Most people decide whether an email is a phishing attack with only 1 or 2 puzzle pieces. That is a very murky and difficult call. CyberHoot completes the puzzle providing each user a crystal clear picture of what could indicate a malicious phishing attack.
Once any test is complete, CyberHoot provides two additional resources. First, a summary of the quiz questions, responses, and some dialogue around the context or importance of each question in the quiz. Secondly, students can download a certificate of completion. For some employees, continuing education credits are required to maintain a certification; CyberHoot provides a small amount of continuing education credit to each assignment.
How to enroll and prices:
- The pricing model is quite cheap for individual students – it’s FREE!
- Companies can schedule a demo and receive pricing directly on our website.
- For MSPs and MSSPs and Partners, you can receive pricing for two unique platforms: Autopilot and Partner.
Student stories
“Thank you, I am no longer a basket case reading through my inbox worried sick about making a mistake and getting on the company’s naughty list for failing yet another phishing attack test.”
“CyberHoot’s quick videos and phishing simulations have made me more productive, confident, and obviously, secure! Thank you!”
Enrolling and completing the 5 min. monthly training assignments helps you become Cyber Literate. The old adage of not having to be faster than a bear chasing you, just faster than the slowest person being chased, applies to cybersecurity. Hackers often attack the easiest targets, leaving cyber literate people and companies to themselves. However, when they do target you, and they will, they will fail because of your 21st century skill(z) you now have with CyberHoot.
As a small business we didn’t have the budget for our own Cyber Security advisor so when we found CyberHoot, we signed up immediately. With CyberHoot, we get regular training videos with questions to challenge what we learned. We learn something new every time. I would highly recommend CyberHoot to anyone looking for this type of training.
Heather Ashton – CPA Firm Owner
After 9 months of CyberHoot awareness training, a Financial Management firm with $4 Billion in assets was phish tested by the Fellsway Group. They had zero (0%) employees click on the phishing test. In contrast, the exact same phishing attack had a 30% click rate at another client that had not yet done CyberHoot training. The product really proves its worth!
John Mumford – Founder Fellsway Group
Managed Service Providers (MSPs) are constantly bombarded with new vendors and products that either overlap with a product already in our line cards or are difficult to get client buy-in for. CyberHoot brings a new product/service to the MSP space that is unique and compelling. CyberHoot allows MSPs to shape the learning experiences of their clients, resulting in powerful outcomes. I highly recommend you take a look at CyberHoot for your Learning Management System needs.
Chris Johnson, Founder & CEO | Pinpoint Solutions Inc
What else is needed to get the best out of what you teach in the course?
Cybersecurity and resiliency is only as strong as the weakest link – the humans in your organization. Many times CyberHoot witnesses a company embark on training their employees, but limit the training to FTEs with an email address. They skip consultants, subcontractors, coaches, or administrators that have email addresses and computers inside the company. This means the weakest links are those individuals not receiving training with access to your networks, computers, and data. Train everyone.
Another common mistake is overtraining and under-training employees. Some companies have a knee-jerk reaction to a breach or incident and start training employees daily or weekly. It quickly becomes overwhelming for the staff and compliance drops off. A smooth monthly cadence is the sweet spot for effectively changing your employees and culture toward cyber literacy. On the other hand, there are companies that want it done and over with once a year. This does not work; you will hurt your staff and your company. Train consistently over time (monthly).
With Cyber Literacy, slow and steady usage of positive outcome tools and assignments wins the race Every Time!