Cybersecurity training is one of those things that everyone has to do but not something everyone necessarily looks forward to.
Living Security is an Austin-based startup out to change cybersecurity training something you look forward to, not dread. And the company has just closed on a $14 million Series B to continue its expansion beyond cybersecurity awareness training into human risk management.
Washington, D.C. based-Updata Partners led the financing, which also included participation from existing backers previous investors Silverton Partners, Active Capital, Rain Capital and SaaS Venture Partners. The investment comes after $5 million series A, led by Austin-based Silverton, raised last April.
Husband and wife Drew and Ashley Rose founded Living Security out of their house in June 2017 with the mission of making cybersecurity training less boring and more effective via gamified learning with live action immersive storylines, role-based micro modules and reporting.
Living Security launched with its flagship product — Cyber Escape Room. When the pandemic hit, the startup brought its in-person training sessions online through the launch of CyberEscape Online.
With more people working remotely, the need for the type of offering Living Security provides has become even more paramount, considering how many people use personal devices for professional reasons, among other things. Employees are more vulnerable than ever to inadvertently providing entry points into the networks of the enterprises where they work — whether through social engineering, phishing or other methods.
Today, Living Security works with over 100 large enterprises to train their global workforces to better protect sensitive data and secure their organizations. The startup’s customer list is impressive, and includes large enterprises such as CVS Health, Mastercard, Verizon, MassMutual, Biogen, AmerisourceBergen, Hewlett Packard, JPMorgan and Target.
So it’s not a big surprise that in 2020, Living Security tripled its revenue and employee headcount and more than doubled its customer count. The company declined to provide hard revenue figures, saying only that ARR grew nearly 200% last year.
“We have seen a significant increase in account growth and expansion in existing accounts..largely in part due to the scalability of our digital solution,” CEO Ashley Rose said.
With the success of its escape rooms and gamified training, Living Security’s team then asked themselves how they could make their efforts “more predictable.”
“We added risk management and scoring so program and security owners could become more targeted and focused on the delivery of their training,” Rose said.
So now Living Security aims to use behavioral data and analytics to measure and manage human risk. It plans to take that data and provide “predictive interventions” to employees.
“We’re focused on ‘How do we turn people from our greatest risk, to our greatest assets in cybersecurity?” Rose said. “That’s our big vision for the company.”
With its “Unify” human risk management platform, Living Security wants to provide an even more scalable solution. The company also plans to use its new capital toward expanding its geographic reach and scaling both direct and channel sales efforts.
Currently, Living Security has 55 employees with the goal of having 90 by year’s end.
Deb Walter, director of information security training and awareness at AmerisourceBergen, said she first engaged with Living Security in 2017 when she requested its CyberSecurity Card game.
“I wanted to gamify how I presented training,” she recalls.
Introducing episodic gamification and its “bingeable” content into her training program was a big hit with employees, according to Walter.
“Their new platform is enabling us to deploy an ‘Information security academy’ to encourage associates and contractors to use several modes of training to earn points and track themselves on a leaderboard,” she said.
Updata General Partner Jon Seeber, who is taking a seat on Living Security’s board with the funding, said his firm saw “breakout potential” in the startup’s platform.
“It comes as close as you can to closing the loop between people and the systems on which they’re operating,” he said.
Plus, he said, it does it in a way that avoids the compliance-focused, “check-the-box” mindset that so often dominates employee-focused cybersecurity solutions.