The Inside Man is security training like no other. Now in its sixth season, KnowBe4’s Netflix-style security awareness video series boasts a compelling storyline, memorable characters, and, most noticeably, a budget other training providers could only dream of. But does it actually improve customer security postures? KnowBe4 seems to think so.
So, What’s it All About?
The series follows Mark Shepherd, a cybercriminal gone legit, and his friends, colleagues, and love interests as they embark on various cybersecurity-related adventures.
Previous seasons have seen the ‘Good Shepherd Cybersecurity’ team take on a penetration testing job for an international bank, combat a ransomware attack on a global energy company (no prizes for guessing what this one was inspired by), and defend a social media platform from a mysterious threat.
Season 6 is the most ambitious yet, with Mark and his team working to thwart criminal mastermind, Cyrus, in his efforts to harness the power of AI and exert his malevolent influence over global politics. Featuring visual effects, action sequences, and moments of high personal drama, it’s easy to forget you’re watching a cybersecurity awareness training video.
How Does it Educate Users?
For the series creators, The Inside Man’s Value lies less in its focus on specific learning moments, and more in its ability to promote broad themes of cybersecurity awareness.
“As the series has grown,” said Rob McCollum, series writer, “the specific learning issues have become less important than telling the story, but we still try to communicate the overarching idea of not always being able to trust what you see.”
According to Jim Shields, series director, the show has changed how employees view security awareness training. Typically, security teams have to chase staff to complete their training, but, with The Inside Man, employees chase IT teams for the next episode.
“Because fans care about the characters, they want to do security training, instead of avoiding it. That’s a really rare thing. I’ve spoken to CISOs and other administrators who say that, before The Inside Man, they’d never had staff ask for the next training video,” he said.
This increased engagement has apparently paid dividends: according to Sarah Duford, VP of Publisher Support and Courseware PMO at KnowBe4, 20,000 customers have viewed an episode or more and the series as a whole boasts over 20 million completions.
That said, The Inside Man is, at its core, security awareness training, and each episode has a focused brief and is supplemented with learning moments to ensure viewers digest the intended lessons.
“In each episode, a character makes a mistake that leaves them vulnerable. At the end of each episode, the training pauses to highlight this mistake and ensure viewers learn a valuable lesson about cybersecurity,” said McCollum.
Moreover, Rich Leveton, series editor, argues that while the rest of KnowBe4’s training portfolio educates staff on ‘what’ they need to do to protect themselves from cybercrime, The Inside Man series shows them ‘why’ they need to do it.
“[The Inside Man] gives a real visceral insight into what can happen if employees neglect basic cyber hygiene. Obviously, this is on the extreme end of it, but we spoke to our evangelists, our security experts in the company, and it’s all within the realm of possibility.”
KnowBe4 has even expanded on the series, using the “AJ” character, who is a cybersecurity influencer, as a focal point for a cybersecurity awareness campaign.
Where Can You Find It?
The Inside Man is available as part of KnowBe4’s security awareness training offering. For fans of the show, there is also behind the scenes footage, in a series called “Inside The Inside Man.” You can find everything you need to know about the series here.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.