How this fast-growing FinTech company creates a fun culture of security
Stash is a leading subscription platform empowering middle-class Americans to invest and build wealth. The company now counts 300+ employees and more than six million users*. When it came time to select a vendor for employee security awareness training, they wanted to do something different instead of just meeting compliance requirements. In this case study, learn firsthand from Stash’s leadership team about…
- Why their security team chose to do something better for employee training beyond checking the box
- How IT and People Operations teams work together to intentionally scale their company culture around cybersecurity
- The importance of having a CEO who will encourage everyone to participate in their training
My job is serious enough—my background is in defense and financial services. As such, it’s always exciting to stretch my creative muscles, and Curricula is a fun, positive way to talk about the important risks that could drastically impact our business.
Rallying the Whole Organization Around Cybersecurity
As a growing company, the leadership team at Stash recognizes that building a culture of security is as important as building a culture for the whole organization. So when it comes to employee security training, the leadership team is heavily involved in rallying the whole company around recognizing the danger of these very real cyber threats.
“We’ve found it to be more successful for employees to have positive reinforcement for training,” Gavin said. “Ultimately, that approach is what helps to build a security culture.”
One way Stash leverages positivity in creating a culture of security is by integrating Curricula’s cast of characters as part of their company culture. “At Stash, we’re making sure everyone knows DeeDee.” DeeDee is Curricula’s villain hacker who appears in the majority of Curricula’s training episodes, and she’s also the AI behind Curricula’s phishing simulator, which attempts to phish employees to see who is most likely to give up their credentials.
Even the team in charge of security gets excited about employee training. “I’m just an everyday engineer so it’s fun to do this stuff,” said Steve Weintraub, Engineering Lead at Stash. “The first time we used Curricula, DeeDee stuck.”
To date, Stash has been using Curricula for security training for two years. The entire company has gone through several training sessions, including watching episodes on phishing, social engineering, passwords, multi-factor authentication, secure browsing, and many more. The infosec team has also used Curricula’s LMS content authoring tool to create their own training modules on AppSec and InfoSec. “We like to use the same eLearning tool that our folks are already familiar with,” Gavin said.