Jelle Wieringa : "We don’t want to force anyone to do cybersecurity training, we want to enable them and motivate them to do it themselves!"
November 2022 by Yelena Jangwa-Nedelec, Global Security Mag
At it-sa 2022, we met with Jelle Wieringa, Security Awareness Advocate at KnowBe4. He talked about how flexible trainings allow anyone, from absolute beginners to cybersecurity experts, to learn how, when and where they want. He emphasized the importance of focusing on understanding the human side of cybersecurity.
Global Security Mag : Can you tell us who KnowBe4 is?
Jelle Wieringa: What we do at KnowBe4 is very simple. We focus on the human aspect in cybersecurity and we’ve been doing it for 12 years. We help users make smarter security decisions, that’s the marketing gap. Our perspective is that, you can buy technology, you can get processes in place but everybody forgets about the human there. Everybody forgets that it’s not the technology that makes the mistake of taking on the email, but it’s the user. And the reason the user does this is because he doesn’t know better, he doesn’t recognize the risk, he’s too busy, he can’t control his own emotions.
We are different to most companies here. We’re not a tech company because for most of our products, we do use technology as a platform to provide the training and to provide the simulated phishing to test that training but we’re far more of a training and psychology company because we combat the manipulation of people. Social engineering is the act of manipulating people. And it’s not binary. Most people think that you’ve got a machine, you switch it on, program it, you’re done. But I can’t program you guys, it doesn’t work that way. So we need a different approach to securing. That is why we added psychology into our products as well.
So we are a training company and as a primary product we have the Kevin Mitnick Security Awareness Training (created by Kevin Mitnick, world renowned author, hacker, computer security consultant and the Chief Hacking Officer of KnowBe4). We create tools to alleviate the pressure on the security team and we do trainings with simulated phishing emails. We try to make people aware of what’s going on in the big world out there and then test their knowledge to see if they can actually apply what they’ve learned in real life. Because it’s no good just teaching you something if don’t really use it. But it’s not the only products we have, we also focus on the human side of compliance, on SOAR (Security Orchestration, Automation, and Response), to help the SOC.
GSM: What is your solution and what are you presenting at it-sa?
Jelle Wieringa:Our platform is a Saas platform. We’ve got a huge library of training. And the thing with training is, it is boring so we try to make it fun, we use a lot of humor, we use a lot of relevancy because in your job, you have different aspects that he does, or me and on top of that, we are also trained in different ways. Maybe you like to play a game to learn something, maybe you like to watch a video. I personally listen to a lot of podcasts, I’m very audio focused so hey, please don’t send me a video to learn, give me some audio to learn and I can listen to it in the car, on my way to work or in my case an airplane, which I spend a lot of time in.
We want to enable people to train when they want, where they want and how they want.
Individualizing that training capability and giving people the power to choose themselves how they want to be trained. We also have different levels going from beginner or basic to very advanced, because even if you’re an expert in cybersecurity, a developer or a programer and you know all about security, you still need to learn too.
We also believe in micro training, that is why we have 5 minutes trainings, or even less than 5 minutes most of the time, to make sure people stay motivated and learn. We try to change the way people see cybersecurity training. We created our own television show, the inside man. It’s with cliffhangers and different storylines and it’s about motivating people to take part in cybersecurity.
GSM: Would you say this motivational approach and this people approach is the strength of KnowBe4?
Jelle Wieringa:It’s definitely one of the strengths. But I think it’s understanding the human and how to deal with humans in cybersecurity. That’s the part that we focus on and then translating that into the training content and onto the platform and in the way we approach security in the organization. Because it’s also about culture, right? We need to build a good security culture in an organization where people are intrinsically motivated to take part in the security. It’s like, if you walk into a hallway and you see some paper on the ground, are you motivated to pick it up without anyone around you? That is the intrasec motivation that we’re looking for. We don’t want to force anyone to do cybersecurity training, we want to enable them and motivate them to do it themselves, that’s what we strive to do as a company.
We focus on enabling users to detect, recognize and mitigate social engineering disguise. We want them to understand when they are at risk and have the right secure behavior afterwards.
GSM: And finally, what is your message for the CISOS and/or our readers?
Jelle Wieringa:I think people understand the value of the human aspect of cybersecurity. But, especially to CISOS, keep at it, it is an important aspect and don’t let yourself be beat down by C level telling you you don’t get budget, keep working at it because it is important.
- Joerg Vollmer, Qualys: it is essential that senior executives can provide the CISO with a clear view of the challenges to be faced
- Ramon Mörl CEO of itWatch: our partnership with Gatewatcher will contribute to the Franco-German agreement in the field of Cybersecurity
- Jean-Noël de GALZAIN, Wallix: autonomy and sovereignty should be integral to cybersecurity choices
- Mike Polatsek, CybeReady: Companies should adopt an APT approach, Advanced Persistent Training
- Hanspeter Karl, Pentera: To mitigate cyberattacks, Pentest is now a must to have !
- Dominique Meurisse, Gatewatcher: European cyber security is no longer a myth and is becoming a reality
- Mirko Bulles, Armis: visibility is the key to security
- SailPoint : "You can only make smart decisions about things you can see."