Transforming Security Culture with a Fully Managed Training Program

By Nitzan Gursky
February 27, 2022 | 4 MIN READ

CybeReady has attained the number one rank on PeerSpot for security awareness training providers. According to Dmitriy S., PeerSpot member and VP and CSO/CISO at Avid, a US-based technology and multimedia company, the autonomous platform creates an engaging learning experience for employees and enables organizations to run successful and frictionless training. In his PeerSpot review, he reveals why CybeReady is rightfully ranked as the best security awareness training provider.

Dmitriy’s Use Cases

Dmitriy utilizes CybeReady for simulation of phishing campaigns against employees and for built-in micro-training, based on user response. His team also uses CybeReady for telemetry collection to figure out which employees, teams, or locations are riskier than others. “That way, we can deliver some additional human training for those employees or teams, and potentially deploy some mitigating controls in addition to what we normally do,” he commented.

Improved Resilience and Security Culture

Since his company started using CybeReady two-plus years ago, the frequency with which employees click on phishing links dropped from 15 or 16 percent – the industry average – to below 7 percent. Dmitriy is also pleased to report the number of high-risk users has gone down by 300 percent.

He explained, “CybeReady has a metric for resiliency, or how many attacks it takes before a user clicks on a phishing-campaign message, on average. Our resiliency has grown from under two campaigns to something above six or seven of them. We’ve improved in triple-digit percentages across the board.”

“The program has definitely changed employee behavior towards cyberattacks,” said Dmitriy. “By any measurement, they’ve drastically improved our cyber resiliency and improved user awareness of the attacks that are out there.” He believes that getting people to think about risk and become more risk-aware is key, as the more people who are aware and the more time they are aware, the safer the company will be.

As he put it, “CybeReady has been very effective in increasing the number of people who think about information security and, for those people, the amount of time they think about it. We haven’t had a single phishing-based incident in the past two and a half years. That’s a testament to something that we’re doing right in that area.”

He also appreciates that people are not only thinking, but conversing about the organization’s security culture. In his view, “The more people talk and think about these things, the more opportunities there are to discuss what should happen, how it should happen, as well as to laugh together at the alerts that people sometimes click on.” 

Simulations that Help Reduce Employee Risk

Dmitriy values CybeReady’s BLAST simulations, which are refreshed on a monthly basis according to what’s going on in the world. He explained, “CybeReady has this uncanny ability to fit its simulations to reality. Every month, they create about 20 different simulations, based on what they see in real-world attacks. That means that these simulated attacks are spot-on for what’s happening in the world.”

He went on to say, “They could be news-related or related to COVID or elections. They might be related to the time of the year, such as taxes or bonus payments. They could be seasonal, like at Christmas when a lot of deliveries are happening and a simulation might be, ‘You have a package coming.’”

The simulations could also be based on threat intelligence. “For example,” he said, “if there are well-known campaigns from bad guys, such as the impersonation of members of the executive team, the simulated attacks are adjusted to start using real names of our executives to attempt to pretend to be them. Their campaigns evolve and they closely match what we do see from real bad guys out there. It might be a bad comparison, but it’s like a virus. It’s evolving to what it’s seeing out there, but in a good way.”

ROI from Week One

Dmitriy saw an almost immediate increase in employees’ security resilience with little effort on the part of his team to make that happen. Dmitriy remarked, “My team dedicates maybe four hours a quarter to maintaining this. The rest of it is done by the tool. We call it ‘automagically.’ There is very little effort on our part, but with a lot of results. All we do at the end, really, is just collect the numbers.”

He continued, “It’s all about ROI [return on investment]. We have seen ROI since week one. It was almost immediate. There is very little effort on our part, but with a lot of results. All we do at the end, really, is just collect the numbers. That’s huge. It’s all about ROI.”

From his perspective, “If we don’t have to spend any time, or very little time, tracking a solution that gives us this kind of a drop, that’s a huge improvement. If we didn’t have this kind of automation and had to do these by hand, it would involve several weeks of prep, as well as continuous tracking.”

Dmitriy’s company was doing very little cybersecurity awareness training before it started to use CybeReady. However, he does know others who run phishing simulations internally without a tool, and doing so requires at least a quarter to half a full-time employee (FTE). “Using CybeReady results in empirically drastic time savings,” he proclaimed.

Dmitriy’s experience is just one of many on PeerSpot that underscore why CybeReady attained the number one ranking on the site. To learn more about what PeerSpot members think about CybeReady, visit >