How this fast-growing FinTech company creates a fun culture of security
Stash is a leading subscription platform empowering middle-class Americans to invest and build wealth. The company now counts 300+ employees and more than six million users*. When it came time to select a vendor for employee security awareness training, they wanted to do something different instead of just meeting compliance requirements. In this case study, learn firsthand from Stash’s leadership team about…- Why their security team chose to do something better for employee training beyond checking the box
- How IT and People Operations teams work together to intentionally scale their company culture around cybersecurity
- The importance of having a CEO who will encourage everyone to participate in their training

My job is serious enough—my background is in defense and financial services. As such, it’s always exciting to stretch my creative muscles, and Curricula is a fun, positive way to talk about the important risks that could drastically impact our business.
Rallying the Whole Organization Around Cybersecurity
As a growing company, the leadership team at Stash recognizes that building a culture of security is equally important as building a culture for the whole organization. So when it comes to employee security training, the leadership team is heavily involved to rally the whole company around recognizing the danger of these very real cyber threats. “We’ve found it to be more successful for employees to have positive reinforcement for training,” Gavin said. “Ultimately, that approach is what helps to build a security culture.” One way Stash leverages positivity in creating a culture of security is by integrating Curricula’s cast of characters as part of their company culture. At Stash, we’re making sure everyone knows DeeDee.”
“The first time we used Curricula, DeeDee stuck.”To date, Stash has been using Curricula for security training for two years. The entire company has gone through several training sessions, including watching episodes on phishing, social engineering, passwords, multi-factor authentication, secure browsing, and many more (check out Curricula’s training library here). The infosec team has also used Curricula’s LMS content authoring tool to create their own training modules on AppSec and InfoSec. “We like to use the same eLearning tool that our folks are already familiar with,” Gavin said.
Having Leadership Support Security Training
One secret to Stash’s success with employee training is to have multiple departments involved. Alison Turen is in charge of “all the fun stuff for company morale” and working in tandem with IT and people operations helps to reinforce the importance of security but in a positive way. “We all love DeeDee, and when our CEO started talking her up, everyone wanted to participate,” Alison said. As part of the employee onboarding experience, Stash puts their new hires through an assignment of three (3) training episodes with an intro to cybersecurity, phishing, and social engineering — all starring DeeDee. “DeeDee is a big hit around here—especially for newer team members who just went through the Curricula training during their onboarding,” Steve explained.