CIO Bulletin

NINJIO is a cybersecurity solution that changes people’s behavior through engaging, emotionally-driven storytelling and data analysis.

Cybercrime is rising, and the cost of data breaches is increasing with it. The threat has become part of modern business, pushing cybersecurity as a top priority for organizations of any size and across any industry. According to ConnectWise, the US is the most prominent target market. Every business sector and company size experiences cyberattacks, from manufacturing and transportation to finance and retail.

In four of every five data breaches, cybercriminals exploit the human element to gain system access. And they have every motivation to continue to use tried-and-true techniques to compromise people while embracing new technologies to increase the efficiency and effectiveness of their attacks.

It is crucial to equip your staff with the tools they need to recognize cyberattacks that seek to steal sensitive data and harm your business.

NINJIO provides an all-in-one cybersecurity awareness training and simulated phishing solution, enabling people and organizations to protect themselves from online threats better. By leveraging a library of engaging micro-learning videos focusing on attack vectors and behavioral vulnerabilities, they serve as the first line of defense against today’s increasingly sophisticated cybercriminals by educating businesses, employees, and families on how to avoid hacking.

Through compelling, emotionally charged storytelling crafted by Hollywood screenwriters, NINIJIO works with some of the world’s most sophisticated companies and has altered millions of people’s behavior. Their promise? There won’t be any more tedious lectures on cybersecurity awareness.

CIO Bulletin recently spoke with Dr. Shaun McAlmont, CEO of NINJIO Cybersecurity Awareness Training. The following are excerpts from that conversation.

Q. What is the history of the company, and why NINJIO?

NINJIO began in 2016 as the brainchild of its founder, Zack Schuler. Zack founded and ran an MSP business and found that his clients suffered data breaches, regardless of his team’s technical cybersecurity solutions. Generally, it happened because of human error. When looking for a relevant solution to curb risky behavior, he only found low-engagement options more geared to “checking a box” on a cybersecurity to-do list than engaging, educating, and changing user behavior.

After selling his MSP business, Zack decided to fix the problem by connecting with an old friend working as a scriptwriter

for shows including CSI: NY and Hawaii 5.0. They developed genuinely engaging stories to teach people about cybersecurity topics and partnered with an up-and-coming animator to create the first season of NINJIO.

NINJIO succeeded because it had a solid product-market fit, plugging a known cybersecurity awareness training (CSAT) ecosystem gap.

Zack grew the business and sold it to a private equity group that invests heavily in product and business growth. He’s still an equity partner and board member. I joined as CEO and President in 2022, bringing experience as a leader at the intersection of workplace education and technology.

Early in my tenure, NINJIO acquired Dcoya, a leading Israel-based simulated phishing company. By integrating their technology, NINJIO launched a new comprehensive CSAT solution in June 2023 that incorporates NINJIO’s flagship AWARE training with the new NINJIO PHISH3D simulated phishing platform and a never-before-seen training approach called NINJIO SENSE, which delivers personalized training based on the fundamental social engineering tactics hackers use to manipulate end users.

Q. How do you differentiate NINJIO AWARE from NINJIO SENSE?

NINJIO AWARE teaches people what a hack looks like. It features 3 to 4-minute episodes based on real breaches and developed and delivered monthly. The series uses Hollywood-style storytelling and animation to bring these latest hacks to life. These highly engaging episodes grab viewers’ attention and show how employees can avoid similar attempts.

NINJIO SENSE teaches people what a hack feels like. It consists of one-minute episodes that are also delivered monthly. The animated, character-driven episodes focus on one of seven core emotions hackers exploit during social engineering attacks. These core emotional vulnerabilities, such as curiosity, fear, urgency, obedience, opportunity, craving, and sociality, are brought to life through a commonly used attack vector to demonstrate how these emotions are weaponized. Users learn to stop and use critical thinking when feeling any of these emotions and build intuition around cybersecurity.

When used in tandem, NINJIO AWARE and NINJIO SENSE impart knowledge and intuition, fostering the development of secure behaviors and a culture of cybersecurity.

Q. What are you updating within your solution?

NINJIO just launched our all-in-one platform that manages all the AWARE and SENSE training, PHISH3D simulated phishing, ALERT suspected phish reporting, and administrative tools to understand how the program improves human-based cybersecurity. In addition to many features that make administering a simulated phishing campaign easy, the platform allows for the personalization of simulations based on understanding each person’s strengths in spotting, avoiding, and reporting suspected phishing emails and areas of personal susceptibility. Simulations based on the kind of attack vector, the emotional vulnerability used, and the skill of the person being tested combine to make everyone stronger regarding cybersecurity.

Our new NINJIO Risk Algorithm uses data from simulated phishing campaigns to provide individual assessments and prescribe NINJIO SENSE and other training to individual users. This level of personalization allows for more engagement and more substantial security outcomes.

The platform offers the sophisticated tools and ease of use requested by the industry.

Q. What response did you receive after releasing episodes on the latest threats and breaches?

Our episodes are always well received by our millions of end users. We commonly receive feedback on new episodes commenting on the attack vector, the professional voice actors (like Stacy Keech, Jon Lovitz, Robert Davi, Tea Leoni, Joey Lawrence, and many more), and the exciting animation.

One response that stands out is a recent episode about a novel hacking attempt involving QR code restaurant menus. When restaurants determined that limiting touch was an important defense against passing germs and began using QR code-based menus, enterprising hackers found ways to exploit this new approach.

Our episode “To Scan or Not to Scan” highlighted this recent attack vector and shocked many viewers. We continue receiving feedback like “I would NEVER have thought of that as a danger.” This kind of simple demonstration of why awareness is CSAT must be topical, and when it is, users engage with it and apply the lessons.

Q. NINJIO is the only solution to be named Customer’s Choice in Gartner Peer Insights’ “Voice of the Customer” for four years in a row. What do you think led to that achievement?

A core tenet of NINJIO is customer success because we are a 100% customer-focused business. We ask for feedback with every customer interaction and use that to build a more robust customer success program. When Gartner’s Peer Insights report first named us “Voice of the Customer” five years ago, we were thrilled to see that all our work was understood and appreciated. When we continued to be named “Customer’s Choice” year after year, it validated that the industry loved our products and process. We are very proud to be the only CSAT vendor named “Voice of the Customer” in the last four years.

For their CSAT program to be successful, we know that consistency of delivery is essential from the very first conversations through the exclusive partnership with our customers.

Q. How will the business landscape change in the coming years?

Unfortunately, we see breach opportunities in our sector growing. Professionalized and nation-state hacking enterprises are a fact of modern business. Their sophistication and the chance to extract payments from underprepared companies increase opportunity.

The ever-evolving nature of cyberattacks against people leaves traditional CSAT programs that are not based on the latest attack vectors and do not educate about core emotional manipulations lacking. CSAT companies that can pivot quickly to changing needs must adequately instruct and change behavior.

Filling the gaps in cybersecurity awareness with quality solutions

Dr. Shaun McAlmont is CEO and President of NINJIO Cybersecurity Awareness Training and is one of the nation’s leading education and training executives. Before NINJIO, he served as President of Career and Workforce Training at Stride, Inc. He had a decade-long tenure at Lincoln Educational Services, where he was President and CEO. He was CEO of Neumont College of Computer Science.

Early student development roles at Stanford and Brigham Young Universities support his workforce and ed tech experience. He is a former NCAA and international athlete and serves on the BorgWarner and Lee Enterprises boards of directors. He earned his doctoral degree in higher education with distinction from the University of Pennsylvania, a master’s degree from the University of San Francisco, and his bachelor’s degree from Brigham Young University.