Cybersecurity is a never-ending threat, but the biggest risk to an organization can also sprout from its most trusted asset — the employees. 

BrightWise, a new company born out of collaboration between West Des Moines-based Affiliates Management Co. and Montana-based LMG Security, is meant to mitigate those risks. CEO Sherri Davidoff, who is also CEO of LMG Security, and COO Corey Skadburg, formerly of Affiliates Management, focus BrightWise on producing creative, short online training courses that can accommodate cybersecurity training at all company levels.

After recently presenting at the Monetery Tech Summit in May, Davidoff spoke to innovationIOWA about the challenges that cybersecurity training presents. 

Can you tell us about BrightWise? 

The concept of BrightWise — the short little training videos to educate people about cybersecurity — that has been in the works for many years. Over the past two decades criminals have gotten very savvy, and they’ve learned that they can target individuals in order to get a foothold inside your organization. That was a big shift over the past couple decades that we saw. As a cybersecurity professional, I can tell you that we’ve seen best practices really mature and evolve in terms of how to lock down your organization. But it still remains that the human is the weakest link, so we’ve just had tons of training requests over the years. 

We were partners with the Iowa Credit Union League to help serve the credit unions, and of course training was a big issue that kept coming up. So first we talked to them about maybe producing a white paper together. Then we thought, you know, how can we bring even more value to our local community? And we realized that we could spin up a portal and offer these training videos through the portal, and that would bring far more value than a simple paper or other written document that would go out. That’s the goal, is to protect our organizations — everything from small to midsized to large organizations, and help them to resist cyberattacks that target individuals. 

Are small and midsized organizations prepared to hand threats? 

I feel that they often are left out of cybersecurity offerings, because so many other [cybersecurity] companies are just looking for that big payout. We are very community-focused. … LMG has a lot in common with the Iowa communities that we serve. We’re very focused on people. You know, we’re based out of Missoula, Mont., and we recognize that our small businesses and our midsized businesses really make up the backbone of our communities. We certainly don’t intend to overlook the large ones, but we want to be sure to serve the small and midsized ones. 

What are the training needs for these organizations? How much experience do staff at smaller organizations tend to have with cybersecurity? 

Cybersecurity is a specialty, so large organizations are able to spin up a dedicated cybersecurity team. But without that, businesses can struggle, and that’s where you really need to outsource. Our goal with the training is to make it accessible to businesses and nonprofits and government agencies of all sizes, because everybody needs training. We also can provide customization, so that it fits the needs of … these different types of organizations. 

I think the on-demand online format makes it very, very accessible. We studied adult education best practices. We find that this is best absorbed in small, bite-sized pieces. So you can watch a five-minute video at lunch or while you’re on the go, take your little quiz, and you’re done and you’re educated. 

Making it really convenient is perhaps the most important thing for us. Ten years ago, to provide cybersecurity training you’d have to get everybody all in the room at the same time. … In the modern world, you have to be able to provide training on the go in these short, easy snippets. 

We need to innovate. The cybercriminals are innovating, and so we need to innovate our responses. So we’re always coming out with new videos, and we need to be able to update our communities. Small businesses do not have the time to be spinning up all this training by themselves; they really need to rely on an outside provider and an outsourced provider. If we can do this all at once … then it really scales, and everybody wins. 

How are organizations getting hacked? 

Over and over again, people are getting hacked in the same ways. They’re getting hacked because someone’s clicking on a link in a phishing email. They’re getting hacked because somebody has a weak password. … It comes down to training the individuals in order to reduce your risk of a cybersecurity incident or data breach. 

How was LMG connected with Affiliates Management Co.? 

We started working with Policy Works, which is a branch of Affiliates Management Co., several years ago. We jointly worked together to serve the needs of Iowa credit unions, and then as our partnership grew … we again saw that there was a lot of cultural similarity, and ultimately felt that BrightWise and the training videos were a really great way to bring value to Iowa credit unions.

So much more has grown out of it because BrightWise is available not just for Iowa credit unions, but for organizations all over the country now. 

How does your background and COO Corey Skadburg’s background serve BrightWise at the start of this company? 

Corey and I have very complementary skills. I’m obviously a geek and I have to do a lot of speaking and presenting, and I bring the cybersecurity specialization to our company, because that’s what I do. Then Corey comes to us from the financial sector. He has a lot of experience in operations and day-to-day management. So he’s ensuring that the i’s are dotted and the t’s are crossed, and that things are getting done, so it’s really been a great collaboration. 

I have loved working in Iowa; I feel like we have a lot of cultural similarities. Iowa is very supportive of small businesses and community-focused organizations. I believe in the mission of so many organizations that we work with, so that’s nice to have been able to build those relationships. Iowa also has a very strong cybersecurity program at Iowa State [University], and a very active cybersecurity community. … I have been really impressed to learn about how much high-tech innovation there is in the state right now. I feel like we just fit right in, and it’s been a pleasure to work with the community.