RSA Conference 2024 | Stu Sjouwerman | KnowBe4 & Tony Pepper | Egress

Clips
News
More from RSA Conference 2024

Stu Sjouwerman

CEO

KnowBe4

Tony Pepper

CEO & Co-founder

Egress Software Technologies

How KnowBe4 prevents phishing through advanced training and AI

Effectively managing the ongoing challenge of social engineering involves implementing security awareness, training, compliance testing and fake phishing to identify vulnerabilities.KnowBe4 Inc. addresses human error in cybersecurity through phishing prevention and implementing security awareness, according to Stu Sjouwerman (pictured, left), founder and chief executive officer of KnowBe4.KnowBe4’s Stu Sjouwerman and Egress Software’s Tony Pepper talk to theCUBE about phishing prevention.“We now have this platform with almost 70,000 customers and 60,000 users,” he said. “We did find that advanced threat actors make it through the old security email gateways that make it through the filters

RSA Conference 2024 goes beyond AI-powered security to securing AI itself

The past week’s RSA Conference 2024 was crowded, buzzy, vibrant and chaotic, underscoring the very nature of the cybersecurity industry.This market has a kind of self-propelling energy with a dynamic that blends tons of money, an ever-present and capable adversary, technical innovation, public policy, geopolitics and a smashing together of the digital and physical worlds. Despite a logical need to consolidate tooling and simplify, organizations find themselves constantly searching for answers to new problems that they face every day, week, month and year

play_circle_outline Addressing the problem of human error in cybersecurity breaches

play_circle_outline Enhancing Security Awareness: Training, Compliance, and Fake Phishing as Catalysts in the Industry, Fueled by KnowBe4's Acquisition of Egress

play_circle_outline The role of AI in detecting and mitigating behavioral-based threats

play_circle_outline The potential of AI to train individuals to recognize and defend against new cyber attacks

Info

Stu Sjouwerman | KnowBe4 & Tony Pepper | Egress

Stu Sjouwerman

CEO KnowBe4

Tony Pepper

CEO & Co-founder Egress Software Technologies

search

>> Welcome back to RSAC 2024. You're watching theCUBE's Continuous Coverage. My name's Dave Vellante. Shelly Kramer is here, as is David Lenticum. We got a really interesting story to share with you. It's a company called KnowBe4. You may have heard of him. Stu Sjouwerman is here. He is the CEO and Tony Pepper is the CEO of Egress, a company that KnowBe4 just recently acquired. KnowBe4 in late 2022, it was announced Vista... They exited the Vista about 4.6 billion. I think it was closed in early 2023. And the premise behind it is the vast majority, let's call it 80% of breaches are based on human error. And so rather than just throwing technology at the problem, KnowBe4 has a really interesting story here. Guys, welcome to theCUBE. Thank you very much-

>> Good to see, Dave.

>> For coming on. So what's the founding premise? You started to tell a story, share that with us. It was fascinating.

>> Just before me was the CTO of CrowdStrike

>> and I was like, "Wow! " We kind of did that similar. I'm an InfoSec guy. We built an AV engine from scratch and we had a couple of million endpoints out there and a whole floor full of tech support people and constant trouble tickets with infected workstations. So I was going, "What on earth is happening? " We did the ask-why-five-times, the Lean Six Sigma approach and ultimately, the root cause of all those penetrations was social engineering. Is the end user letting a bad actor in, clicking on a link, opening up an infected attachment? And so then I looked, "Well, who is doing something about that? " And practically, no one, a few small players way up in the Global 2000. And I said, "Okay, this is a problem that nobody really has been managing. " I don't call it the solution because if you stop doing this, the problem comes back. So this is a great way to manage the ongoing problem of social engineering.

>> Yeah, this being the way you take what I call security awareness and you bring in training, compliance, testing, you do fake phishing to try to fake people out. I know Lena Smart from Mongo does some of this stuff. I don't know if you know Lena.

>> I've heard of her.

>> She's the C-server of Mongo. She says to me, "That's easy.

>> Just don't ever click on a link. " I go, "Well, wait a minute. What if I send you? " She goes, "Well, if I know you, but I still think about it. " And then the other thing that she shares is she takes... You're an InfoSec guy. She takes deep InfoSec people and pairs them up with business people that don't have a clue on cyber and say, "Talk to each other. " And so through that process, both sides get educated. The hardcore InfoSec guys can communicate better instead of in mumbo jumbo acronyms, and then they can also see how uneducated the average business person is and then good things happen. But you have an extremely novel way of humanizing security and you've just made an awesome business out of it. Congratulations.

>> Thank you so much. And it's only the beginning because we now have this platform with almost 70,000 customers and 60,000 users. But we did find that advanced threat actors make it through the old security email gateways that make it through the filters. And you need an ICES, and this is where Tony comes in, that lives and catches those very super sophisticated phishing attacks so you can provide a whole platform and decrease your vendors. This is a recurring theme and I'm sure that Tony can tell you a little bit more about that.

>> Yeah. Tell us about Egress, what the company's founding premise was all about and what the fit is with KnowBe4.

>> Well, the fit's perfect, right, Dave? Every customer we spoke to, every analyst we spoke to, they say the same story. It's not often you see M&A where it's the perfect fit, where you are looking at one of the largest, the largest training company in the world that helps educate, assess, really help build that security culture within an organization. But then when you couple that with a business that is obsessed about ultimately detecting behavioral based threats, and that could be inbound or outbound, and email is still one of those challenges where actually, fundamentally, that's what the threat actors are using. There are other channels, but ultimately, email's really the number one threat that is a real concern. But the threat landscape's changed and now what we see in the world, and you talked about it a second ago, David, the world is struggling with behavioral based threats. The old days of payload-based attacks, they're kind of gone. It's all using highly sophisticated models. Crime as a service is now an industry which you can fire up incredibly sophisticated attacks at low cost and serve them up to the world. So I think we need to move on to a new approach. When you think about combining a platform that uses AI to look for behavioral-based attacks or threats, and when you combine that with a business that's been training more employees in business than anyone in the world and understands how you resonate, how you can connect with an employee business and serve up relevant content, you can build something different that can then personalize that training and couple it with real time threats. Why would I train you, Dave, on something that isn't a threat that you normally see? Why don't we train you on something you received today or yesterday or the week before? I think we've got a personalized content. We've got a personalized training based on real life threat telemetry, but you can't do that if you don't see those attacks. It really is a combination that Stu and I are phenomenally excited about.

>> It's so true what you're saying, Tony.

>> I've said many times, any knucklehead today can be a ransomwarest. I can go in the dark web, ransomware as a service, and if I want to commit a crime, it's not that hard to do. I can get very sophisticated access to very sophisticated techniques, tools, and technology

>> For $50 a month.

>> Yeah, it's so true. This is scary. Okay,

>> so email, obviously, big problem. Now they're going after our text. That's the other same humanizing security, whether it's text, like you said, other channels. Is that a TAM expansion for you?

>> Yeah, of course it is. I mean, this is just the beginning.

>> The advantage of email is if you understand an organization's email and communication patterns, you really have a deep understanding of who you normally communicate to, who's relevant in your universe. It's a key channel, but it's one of many channels. So for us, it's about building out a platform with AI at its core that you can then detect threats, you can mitigate risk, and then you can ultimately join up the dots and actually bring people along with that journey through that security culture that Stu's been so passionate about. And that's the thing that connects us. It's about not demonizing employees in business. It's about taking them on a journey so they're part of that security ecosystem.

>> You want to build a strong security culture and that only gets accomplished by almost real time or near time, this is happening, you get relevant training and you help these people understand what truly is risky behavior, which also helps them stay safe at the house. Very often, after they go through a module, the first thing that comes out of their mouth is, "How do I share this with my family?"

>> Yeah, yeah. I was just thinking the same thing. I want a family culture that's security aware.

>> Yes. Yeah, yeah. Absolutely. Well, we have modules for that.

>> Yeah. Okay.

>> I would love to do a phishing exercise with the family. I'd be embarrassed and afraid to take it, but I do kind of do want to take it because I'm sure you can fake me out.

>> We could. How sophisticated do you go? The trick is to slowly build it up. That is the individualized approach. You started a one-star and you migrate up to two, three, four, five- star level difficulty phishing tests.

>> My face is out there. I do a lot of content and I have some "fans" and sometimes I'll get emails from them saying how much they love the program and they like my weekly analysis and they'll put a link in and I'm like, "Whoa, wait a minute. I'm not touching that. I don't know this person."

>> No.

>> Also, you can be deep faked-

>> Big time.

>> In two minutes. - Speaking of deep fakes,

>> obviously, we should be very concerned about it, more concerned than ever. We had John Chambers on here last year. He was saying he has a startup that's doing detecting voice fake, which I think is pretty good. What are your thoughts on that and the state of fakes these days and how to combat them?

>> Obviously, the same thing is true of any new technology. You can use it for good or for bad. You can use AI to detect deep fakes, but it's the old game of chess; bad actors move first and then you have to counter. It just brings up the whole battle on a whole new level. It's AI against AI, ultimately.

>> I presume you're able to compress that move speed chess. You play speed chess, yes?

>> Yes, we do. With 16 boards.

>> Yeah. Okay.

>> So you had said you're just getting started when we talked earlier.

>> Yeah. I like to just, this is more a fun observation,

>> but walk around in any city in the United States over here, wherever, one to 10 people gets trained by KnowBe4.

>> Really? - Nationwide.

>> There's still nine to go.

>> Yeah, yeah. Okay.

>> You got to look at that, Dave, from a data perspective. If you've got that level of data in the world and you can use that data to train a model to then understand how you detect and prevent some of those advanced attacks. They often say about AI it's like garbage in, garbage out. It's the classic adage. But to be able to deliver something at scale that's truly something different, you need scale data. And that's what's super interesting about, ultimately, a KnowBe4 customer, is if you can take that data, that information you have on how they react to phishing campaigns, how they report, ultimately, the KnowBe4 is the most downloadable Outlook plugin in the Microsoft store. So when you've got that data and you can plug that into a whole series of models, and then you can use that to flip it on its head to then build better detection, which, of course, then is self-trained, then you've got something really different.

>> Yeah, because the attacker's technique is not your customer's IP. Your customer doesn't care if you're sharing that technique to make their competitors even more safe.

>> No, that's all metadata. And we do see huge amounts of attacks coming in. That little button that was just mentioned is indeed the number one installed button in Outlook globally. Most people don't know that either, but Tony was right. Tens of millions of people report those attacks. We see all that and we have a global block list that just filters out that stuff from the get-go, but there's always delays. That's why you need the kind of AI, the adaptive systems that live in the ICS. This is a new term I only recently learned. The internet...

>> Integrated cloud email security.

>> That's a email protocol, right?

>> Integrated cloud

>> email security, but specifically for the three-sixty-fives of this world.

>> Who? - The integrated cloud email security.

>> And that's an open standard?

>> Yeah. Gartner ultimately came up with

>> that in the market guide prior to the Magic Quadrant

>> that's actually imminently due to be announced, bringing back the email security quadrant, which was retired in 2017.

>> Really? - And I think that tells you a story. Back in

>> 2017, ultimately,

>> Gartner retired the secure email gateway quadrant because it felt it was a little bit old hat, had the same old players. Those same players existed for several years after, but it was deemed so mature and not interesting that it was actually retired. Several years ago. They brought back the market guide because lots of new players were starting to come into the market taking a different approach. Imminently, you'll now see a new Gartner market guide for email security, which tells you itself, it's back with a vengeance now because customers are asking, "We've got real challenges, we've got stuff getting through the sec, getting through Microsoft, landing in people's inboxes. They're super complex and they're costing billions of dollars. How do we figure this behavioral-based problem out? " So email security's had a resurgence, I guess, really. And actually, this combination fully intends to capitalize on that.

>> Elon was speaking or being interviewed at the Milken Institute conference that's going on, and he said something to the effect, I forget the timeframe. Let's assume within five years, let's say. Easily, probably knowing Elon, he said next week, but within five years, only 1% of intelligence will be biological human intelligence. 99%'s going to be machine intelligence. So I was like, "Okay." As you guys help humans get more cyber aware, AI could come up with new creative attacks. Are we seeing that? We must be seeing that already.

>> Oh, yeah. - And it's just asymptotic

>> actually, exponential.

>> Exponential. - Yep.

>> Yeah. It is,

>> but the interesting thing is that you can use that same AI

>> to train the people to recognize those. The funny thing is we're coming out with a module, actually, this quarter where the program administrator can say, "I want to create a phishing email with this topic, and the tone needs to be aggressive and it needs to have a picture and two or three more pull downs," and we are generating a custom-made phishing template that they can then send out to their users simply to get those users aware of, "Oh, this is state-of-the-art. Okay."

>> When you started the company, you could have taken a different direction as an InfoSec person, a technologist. You could have said, "I'm going to invent some new technology, plug a hole, sell my company. " I'm really curious. This is such a novel thing. At the time, what was out there at the time? Was it consulting companies doing this type of training and then you created this platform? Or was nobody doing it?

>> In 2010, my startup number four got acquired by Insight Partners. I looked around for a week and I said, "Nobody is addressing this problem. " There were two small companies at that point. One was called Wombat, the other one was called PhishMe. Wombat sold itself to Proofpoint. PhishMe renamed itself to Cofense and is still out there. But what I decided was, if you really ask why five times and you have a correct root cause analysis, this human risk management had never really been addressed. And so we're still in the early stages because there's many millions of organizations out there that need to do this. And so us teaming up makes it much easier to pull that trigger.

>> Had you guys partnered before the acquisition?

>> We had integrated already for it.

>> So that made it really easy to get to market.

>> had really great integration.

>> Two-way, we see their data, they see our data. Well, we like to say it's better together and it's really true.

>> And it's just a line extension to the KnowBe4 platform?

>> Yeah, we fit.

>> Call it another product, but I really like to call it a platform because it all is truly integrated together.

>> Guys, congratulations on such an exciting and creating such an exciting business and getting to the next stage. I wish you the best. Last word, what's happening at RSA for you guys? What's the conversation like? The buzz is here.

>> Everyone is super excited about the

>> merge. Everybody loves it.

>> Yeah. Fantastic. Give you the last word.

>> Same. Every customer, every partner, they just want

>> to know when they can get their hands on it, when we can start getting through our regulatory approvals, which we need to get through. But yeah, the remainder of the year is going to be a real blast.

>> So when do you expect the deal to close?

>> It should be a quick close.

>> This year. - Oh, yeah.

>> For sure. - This year.

>> Lina Khan's not coming after you. Come on. That's not...

>> No. Regulatory, it's UK, it's other countries.

>> Yeah, right. Yeah.

>> Competition Committee has to make sure it's all good,

>> But we expect this to go right.

>> Yeah, yeah. This is all good for this community

>> and the world.

>> So thank you guys. Really appreciate your time.

>> Thanks so much. - Really a pleasure.

>> Thank you. - Okay.

>> All right. Okay. Keep it right there. We'll be back.

>> RSA Conference 2024. You're watching theCUBE.

Stu Sjouwerman | KnowBe4 & Tony Pepper | Egress

search

>> Welcome back to RSAC 2024. You're watching theCUBE's Continuous Coverage. My name's Dave Vellante. Shelly Kramer is here, as is David Lenticum. We got a really interesting story to share with you. It's a company called KnowBe4. You may have heard of him. Stu Sjouwerman is here. He is the CEO and Tony Pepper is the CEO of Egress, a company that KnowBe4 just recently acquired. KnowBe4 in late 2022, it was announced Vista... They exited the Vista about 4.6 billion. I think it was closed in early 2023. And the premise behind it is the vast majority, let's call it 80% of breaches are based on human error. And so rather than just throwing technology at the problem, KnowBe4 has a really interesting story here. Guys, welcome to theCUBE. Thank you very much-

>> Good to see, Dave.

>> For coming on. So what's the founding premise? You started to tell a story, share that with us. It was fascinating.

>> Just before me was the CTO of CrowdStrike

>> and I was like, "Wow! " We kind of did that similar. I'm an InfoSec guy. We built an AV engine from scratch and we had a couple of million endpoints out there and a whole floor full of tech support people and constant trouble tickets with infected workstations. So I was going, "What on earth is happening? " We did the ask-why-five-times, the Lean Six Sigma approach and ultimately, the root cause of all those penetrations was social engineering. Is the end user letting a bad actor in, clicking on a link, opening up an infected attachment? And so then I looked, "Well, who is doing something about that? " And practically, no one, a few small players way up in the Global 2000. And I said, "Okay, this is a problem that nobody really has been managing. " I don't call it the solution because if you stop doing this, the problem comes back. So this is a great way to manage the ongoing problem of social engineering.

>> Yeah, this being the way you take what I call security awareness and you bring in training, compliance, testing, you do fake phishing to try to fake people out. I know Lena Smart from Mongo does some of this stuff. I don't know if you know Lena.

>> I've heard of her.

>> She's the C-server of Mongo. She says to me, "That's easy.

>> Just don't ever click on a link. " I go, "Well, wait a minute. What if I send you? " She goes, "Well, if I know you, but I still think about it. " And then the other thing that she shares is she takes... You're an InfoSec guy. She takes deep InfoSec people and pairs them up with business people that don't have a clue on cyber and say, "Talk to each other. " And so through that process, both sides get educated. The hardcore InfoSec guys can communicate better instead of in mumbo jumbo acronyms, and then they can also see how uneducated the average business person is and then good things happen. But you have an extremely novel way of humanizing security and you've just made an awesome business out of it. Congratulations.

>> Thank you so much. And it's only the beginning because we now have this platform with almost 70,000 customers and 60,000 users. But we did find that advanced threat actors make it through the old security email gateways that make it through the filters. And you need an ICES, and this is where Tony comes in, that lives and catches those very super sophisticated phishing attacks so you can provide a whole platform and decrease your vendors. This is a recurring theme and I'm sure that Tony can tell you a little bit more about that.

>> Yeah. Tell us about Egress, what the company's founding premise was all about and what the fit is with KnowBe4.

>> Well, the fit's perfect, right, Dave? Every customer we spoke to, every analyst we spoke to, they say the same story. It's not often you see M&A where it's the perfect fit, where you are looking at one of the largest, the largest training company in the world that helps educate, assess, really help build that security culture within an organization. But then when you couple that with a business that is obsessed about ultimately detecting behavioral based threats, and that could be inbound or outbound, and email is still one of those challenges where actually, fundamentally, that's what the threat actors are using. There are other channels, but ultimately, email's really the number one threat that is a real concern. But the threat landscape's changed and now what we see in the world, and you talked about it a second ago, David, the world is struggling with behavioral based threats. The old days of payload-based attacks, they're kind of gone. It's all using highly sophisticated models. Crime as a service is now an industry which you can fire up incredibly sophisticated attacks at low cost and serve them up to the world. So I think we need to move on to a new approach. When you think about combining a platform that uses AI to look for behavioral-based attacks or threats, and when you combine that with a business that's been training more employees in business than anyone in the world and understands how you resonate, how you can connect with an employee business and serve up relevant content, you can build something different that can then personalize that training and couple it with real time threats. Why would I train you, Dave, on something that isn't a threat that you normally see? Why don't we train you on something you received today or yesterday or the week before? I think we've got a personalized content. We've got a personalized training based on real life threat telemetry, but you can't do that if you don't see those attacks. It really is a combination that Stu and I are phenomenally excited about.

>> It's so true what you're saying, Tony.

>> I've said many times, any knucklehead today can be a ransomwarest. I can go in the dark web, ransomware as a service, and if I want to commit a crime, it's not that hard to do. I can get very sophisticated access to very sophisticated techniques, tools, and technology

>> For $50 a month.

>> Yeah, it's so true. This is scary. Okay,

>> so email, obviously, big problem. Now they're going after our text. That's the other same humanizing security, whether it's text, like you said, other channels. Is that a TAM expansion for you?

>> Yeah, of course it is. I mean, this is just the beginning.

>> The advantage of email is if you understand an organization's email and communication patterns, you really have a deep understanding of who you normally communicate to, who's relevant in your universe. It's a key channel, but it's one of many channels. So for us, it's about building out a platform with AI at its core that you can then detect threats, you can mitigate risk, and then you can ultimately join up the dots and actually bring people along with that journey through that security culture that Stu's been so passionate about. And that's the thing that connects us. It's about not demonizing employees in business. It's about taking them on a journey so they're part of that security ecosystem.

>> You want to build a strong security culture and that only gets accomplished by almost real time or near time, this is happening, you get relevant training and you help these people understand what truly is risky behavior, which also helps them stay safe at the house. Very often, after they go through a module, the first thing that comes out of their mouth is, "How do I share this with my family?"

>> Yeah, yeah. I was just thinking the same thing. I want a family culture that's security aware.

>> Yes. Yeah, yeah. Absolutely. Well, we have modules for that.

>> Yeah. Okay.

>> I would love to do a phishing exercise with the family. I'd be embarrassed and afraid to take it, but I do kind of do want to take it because I'm sure you can fake me out.

>> We could. How sophisticated do you go? The trick is to slowly build it up. That is the individualized approach. You started a one-star and you migrate up to two, three, four, five- star level difficulty phishing tests.

>> My face is out there. I do a lot of content and I have some "fans" and sometimes I'll get emails from them saying how much they love the program and they like my weekly analysis and they'll put a link in and I'm like, "Whoa, wait a minute. I'm not touching that. I don't know this person."

>> No.

>> Also, you can be deep faked-

>> Big time.

>> In two minutes. - Speaking of deep fakes,

>> obviously, we should be very concerned about it, more concerned than ever. We had John Chambers on here last year. He was saying he has a startup that's doing detecting voice fake, which I think is pretty good. What are your thoughts on that and the state of fakes these days and how to combat them?

>> Obviously, the same thing is true of any new technology. You can use it for good or for bad. You can use AI to detect deep fakes, but it's the old game of chess; bad actors move first and then you have to counter. It just brings up the whole battle on a whole new level. It's AI against AI, ultimately.

>> I presume you're able to compress that move speed chess. You play speed chess, yes?

>> Yes, we do. With 16 boards.

>> Yeah. Okay.

>> So you had said you're just getting started when we talked earlier.

>> Yeah. I like to just, this is more a fun observation,

>> but walk around in any city in the United States over here, wherever, one to 10 people gets trained by KnowBe4.

>> Really? - Nationwide.

>> There's still nine to go.

>> Yeah, yeah. Okay.

>> You got to look at that, Dave, from a data perspective. If you've got that level of data in the world and you can use that data to train a model to then understand how you detect and prevent some of those advanced attacks. They often say about AI it's like garbage in, garbage out. It's the classic adage. But to be able to deliver something at scale that's truly something different, you need scale data. And that's what's super interesting about, ultimately, a KnowBe4 customer, is if you can take that data, that information you have on how they react to phishing campaigns, how they report, ultimately, the KnowBe4 is the most downloadable Outlook plugin in the Microsoft store. So when you've got that data and you can plug that into a whole series of models, and then you can use that to flip it on its head to then build better detection, which, of course, then is self-trained, then you've got something really different.

>> Yeah, because the attacker's technique is not your customer's IP. Your customer doesn't care if you're sharing that technique to make their competitors even more safe.

>> No, that's all metadata. And we do see huge amounts of attacks coming in. That little button that was just mentioned is indeed the number one installed button in Outlook globally. Most people don't know that either, but Tony was right. Tens of millions of people report those attacks. We see all that and we have a global block list that just filters out that stuff from the get-go, but there's always delays. That's why you need the kind of AI, the adaptive systems that live in the ICS. This is a new term I only recently learned. The internet...

>> Integrated cloud email security.

>> That's a email protocol, right?

>> Integrated cloud

>> email security, but specifically for the three-sixty-fives of this world.

>> Who? - The integrated cloud email security.

>> And that's an open standard?

>> Yeah. Gartner ultimately came up with

>> that in the market guide prior to the Magic Quadrant

>> that's actually imminently due to be announced, bringing back the email security quadrant, which was retired in 2017.

>> Really? - And I think that tells you a story. Back in

>> 2017, ultimately,

>> Gartner retired the secure email gateway quadrant because it felt it was a little bit old hat, had the same old players. Those same players existed for several years after, but it was deemed so mature and not interesting that it was actually retired. Several years ago. They brought back the market guide because lots of new players were starting to come into the market taking a different approach. Imminently, you'll now see a new Gartner market guide for email security, which tells you itself, it's back with a vengeance now because customers are asking, "We've got real challenges, we've got stuff getting through the sec, getting through Microsoft, landing in people's inboxes. They're super complex and they're costing billions of dollars. How do we figure this behavioral-based problem out? " So email security's had a resurgence, I guess, really. And actually, this combination fully intends to capitalize on that.

>> Elon was speaking or being interviewed at the Milken Institute conference that's going on, and he said something to the effect, I forget the timeframe. Let's assume within five years, let's say. Easily, probably knowing Elon, he said next week, but within five years, only 1% of intelligence will be biological human intelligence. 99%'s going to be machine intelligence. So I was like, "Okay." As you guys help humans get more cyber aware, AI could come up with new creative attacks. Are we seeing that? We must be seeing that already.

>> Oh, yeah. - And it's just asymptotic

>> actually, exponential.

>> Exponential. - Yep.

>> Yeah. It is,

>> but the interesting thing is that you can use that same AI

>> to train the people to recognize those. The funny thing is we're coming out with a module, actually, this quarter where the program administrator can say, "I want to create a phishing email with this topic, and the tone needs to be aggressive and it needs to have a picture and two or three more pull downs," and we are generating a custom-made phishing template that they can then send out to their users simply to get those users aware of, "Oh, this is state-of-the-art. Okay."

>> When you started the company, you could have taken a different direction as an InfoSec person, a technologist. You could have said, "I'm going to invent some new technology, plug a hole, sell my company. " I'm really curious. This is such a novel thing. At the time, what was out there at the time? Was it consulting companies doing this type of training and then you created this platform? Or was nobody doing it?

>> In 2010, my startup number four got acquired by Insight Partners. I looked around for a week and I said, "Nobody is addressing this problem. " There were two small companies at that point. One was called Wombat, the other one was called PhishMe. Wombat sold itself to Proofpoint. PhishMe renamed itself to Cofense and is still out there. But what I decided was, if you really ask why five times and you have a correct root cause analysis, this human risk management had never really been addressed. And so we're still in the early stages because there's many millions of organizations out there that need to do this. And so us teaming up makes it much easier to pull that trigger.

>> Had you guys partnered before the acquisition?

>> We had integrated already for it.

>> So that made it really easy to get to market.

>> had really great integration.

>> Two-way, we see their data, they see our data. Well, we like to say it's better together and it's really true.

>> And it's just a line extension to the KnowBe4 platform?

>> Yeah, we fit.

>> Call it another product, but I really like to call it a platform because it all is truly integrated together.

>> Guys, congratulations on such an exciting and creating such an exciting business and getting to the next stage. I wish you the best. Last word, what's happening at RSA for you guys? What's the conversation like? The buzz is here.

>> Everyone is super excited about the

>> merge. Everybody loves it.

>> Yeah. Fantastic. Give you the last word.

>> Same. Every customer, every partner, they just want

>> to know when they can get their hands on it, when we can start getting through our regulatory approvals, which we need to get through. But yeah, the remainder of the year is going to be a real blast.

>> So when do you expect the deal to close?

>> It should be a quick close.

>> This year. - Oh, yeah.

>> For sure. - This year.

>> Lina Khan's not coming after you. Come on. That's not...

>> No. Regulatory, it's UK, it's other countries.

>> Yeah, right. Yeah.

>> Competition Committee has to make sure it's all good,

>> But we expect this to go right.

>> Yeah, yeah. This is all good for this community

>> and the world.

>> So thank you guys. Really appreciate your time.

>> Thanks so much. - Really a pleasure.

>> Thank you. - Okay.

>> All right. Okay. Keep it right there. We'll be back.

>> RSA Conference 2024. You're watching theCUBE.