Cybersecurity has become a corporate board-level concern, and with good reason: the frequency and sophistication of cyber-attacks are increasing dramatically and many organizations are unprepared. In a recent study, half of the CEOs surveyed reported their companies are not ready to respond to a hacking incident or data breach. Compounding this challenge, the cybersecurity field faces a global talent shortage of 2 million professionals.
To fill the talent gap, enterprises have responded with advanced technologies and improved processes. They’re leveraging automation, big data, artificial intelligence, orchestration, and “secure by design” or embedded security architectures to make their teams more productive. However, these productivity improvements are not enough to gain an advantage over the attackers. Ultimately, cyber professionals need to be better equipped to effectively use these tools, make effective decisions to defend their organizations, and keep pace with the threat landscape.
The talent shortage creates a vicious circle for organizations―low supply creates a competitive job market, cyber staff are often poached by other firms, organizations continually lose institutional knowledge, and cyber teams are perpetually under-resourced, leading to poor oversight. In this environment, talent development and training often fall by the wayside and there has been little innovation in this space. Organizations typically rely on expensive, infrequent, high-touch training certification programs which cost up to $10,000 per person, or they leverage generic training videos which can be offered to more people but lack dynamic learning.
Immersive Labs, with more than 200 employees and headquarters in Bristol, UK, and Boston, is addressing the global problem of cybersecurity readiness. Its training platform empowers organizations to exercise, evidence, and equip human capabilities across the entire workforce. Individuals and teams can learn everything from how particular malware operates to how to recover from a ransomware attack. Multiple training modules can be combined to create learning pathways relevant to specific roles and a gamified approach helps drive mastery.
Immersive’s training modules also provide its customers with much-needed metrics and transparency. Organizations typically have zero visibility into the cyber knowledge, skills, and judgment of everyone from malware analysts to executive teams, either initially as a baseline or on an ongoing basis. Yet understanding this is a crucial part of using these skills more strategically.
Immersive allows managers to measure and evaluate these skills across the entire workforce. They can then map these skill sets to the security risks facing the organization and use them to inform resource allocation. They’re also able to evaluate their team’s performance over time and appropriately reward high performers.
Immersive is led by founder and CEO James Hadley, who has highly relevant experience in this space, with previous roles as a cybersecurity instructor and researcher at one of the UK’s intelligence organizations. As a result, he’s exceptionally knowledgeable about organizations’ security needs, has first-hand experience training analysts, and possesses a deep understanding of how to engage people in ways that promote learning.
This experience has won Immersive an impressive client roster, which includes the leading vacation rental company, a global healthcare company, and a multinational investment bank. Immersive’s traction helped us validate its highly interactive, gamified, metrics-driven product.
The company continues to expand the scope of its vision to embed cyber skills deeper across the organization, helping enable an important trend: organizations shifting security reviews earlier into the software development lifecycle. By developing security skills across the engineering team, Immersive enables developers to code securely in a project’s earliest phases. Aware of developers’ growing importance within organizations, Immersive is helping organizations “shift left” in a way which doesn’t put the typical drag on security team resources. They also seek to empower executives with live simulations of cyber attacks, so they can test and practice coordinated responses.
Immersive’s demonstrated success, unique leadership, and potential for the future drives our enthusiasm about the company and decision to invest in its Series C round, alongside Insight Partners, Menlo Ventures, and Goldman Sachs.