Newstex publishers' stories: Craig Taylor of CyberHoot

An interview with Craig Taylor.

Table of Contents

The basics

Can you start by introducing yourself and your company?

Craig Taylor of CyberHoot: Sure. I'm Craig Taylor, co-founder of CyberHoot. We teach people cyber literacy. It's the easiest way to understand what we do. You all have heard of computer literacy, the ability to operate a keyboard, a mouse, a calendar, and email. But can you do those things securely, safely, and confidently? That's where we find a lot of people aren't as comfortable as they need to be. We use literacy very carefully because it's not good to be illiterate with reading. For example, it's no good to be illiterate with cyber. You can put yourself personally and your company at grave risk just by clicking on a wrong email link or something that you're not aware of. And so our company is designed to bring a positive educational, fun experience to learning cyber literacy.

That's great, teaching people that probably don't know a lot about cybersecurity or technology or stuff like that in an easy way.

Craig Taylor: Many of our competitors out there are doing the same thing, teaching cyber literacy. But the big difference between us and them is the positive reinforcement approach that we use. Too often, companies are using attack emails that trick their users into clicking on links they shouldn't, and they're punished with a slap of the wrist and off they go to more training videos. We don't believe in that negative reinforcement approach at all. My background, 28 years ago, was a degree in psychology, and I've been in cybersecurity ever since. But 10 years ago, I founded CyberHoot to bring the psychology of how people learn best–operant conditioning, positive reinforcement theories–to the industry of cyber literacy. We find, you know, our videos are very highly rated, and our phishing exercises are likewise highly rated. And so end users aren't punished on our platform. They're actually rewarded for completing assignments. They get certificates of completion. They have an avatar owl that they grow in more and more defensive postures as they complete assignments. We've tried our very best to make it fun, enjoyable, short, because people don't have much time to do these things. And we're very successful. I think we have 45,000 users in the system now. It's growing like crazy.

Marketing strategies

Could you please tell us about your marketing strategies and how content production fits in here?

Craig Taylor: Yes, we have self-funded our company at CyberHoot. We don't have deep pockets from venture capitalists, so we have to do things ourselves, and that includes marketing and sales. A long time ago, we realized that if we give knowledge to the public through a blog article, through a newsletter, or through our infographics (which are free off of our website), we create this awareness and knowledge for free. It's a win-win scenario for the end user who learns something. But maybe they bring us to their corporate IT department or to their managed service provider. And they say “this is a really interesting company.” They have this positive reinforcement model. It's free for anyone to try for 30 days. There's no contract requirement. So by giving this knowledge, these blog articles to Newstex to syndicate, we're getting our message out there to the internet community and hopefully, you know, what goes out there comes back around and helps with sign-ups to our company.

How long ago did you launch your blog? And can you tell us a little bit about the challenges when launching this CyberHoot blog?

Craig Taylor: Yes, we launched our blog probably seven years ago. We've been blogging once a week ever since, and we blog about emerging threats. So, for example, over a year ago, we started talking about artificial intelligence in our blog. What is it? Is it safe to use? What should I be worried about when I'm using ChatGPT or some other product? How can I best leverage it without putting my company at risk? How might hackers use artificial intelligence against us? And there are many, many I could go into detail, but you can go visit the CyberHoot blog at cyberhoot.com/blog or read it through Newstex.

Do you remember any challenges in building the blog? For example, how were you going to find writers? 

Craig Taylor: We hired an intern who had a degree in criminology of all things, not cybersecurity. And we would, I remember to this day we would get together twice a week, once to pick an article topic to write about, and then once to review the article the intern wrote. You see, this individual really wanted to get into cybersecurity, and as part of his education, we would pick topics that covered critical topics in cybersecurity, either emerging threats or foundational ideas about the internet. It could be email security, it could be DNS or domain name service security. But we would cover a large portion of different topics, and he would have to research and write the blog articles. Fortunately, we were founded by a developer company, and they could produce all of the infrastructure for WordPress to write the articles, to review the articles, to make sure we had short sentences and all of the things that lead to good SEO. But that was a very difficult process too. There's ratings for how readable your blog article is, and we were constantly [rated] red. And we're like, “how is this not readable?” It makes sense to us, but it doesn't follow the SEO of short sentences, the proper level of education, and the words that we're using–things of that nature. So there was a very difficult and long process to get better at writing. Today, we just published an article an hour ago about the SaaS Kill Chain, which probably doesn't mean anything to most people. But it's a topic in cybersecurity for IT professionals to know about because attacks are changing from on-premise attack kill chains to in-the-cloud kill chains. How hackers hack us. And by reading an article, you will learn different strategies to protect your company from these things. But our first attempt was [rated] green on our readability scores. So we've come a long, long way.

And do you still have the same intern writing the articles?

Craig Taylor: No, we don't. What's funny is he became a full-time employee and he lasted about two years. And then another company that is much bigger with deeper pockets snapped him up from us and we let him go because it was a great opportunity for him. We are here to make everyone better one way or another. And we were able to educate this individual and then release him from the nest. To quote our CyberHoot, you know, he flew from the nest and off he went, and he's now very successful in what he does. But we have more interns now helping us write articles, and we're teaching them along the way. It's a great exercise. So, yeah, that's been our blog adventure for the last seven years is teaching people different topics and sharing that knowledge and research with the world.

Do you pick the topics based on what is trending right now?

Craig Taylor: Yes, but in terms of cybersecurity, there are new attacks, new ways that hackers are trying to circumvent security, to steal our data, to break into our computers, our networks, and our applications, and what we should be doing as companies to prevent that. What's funny though, is the more we study this problem, the more we realize the attacks remain mostly the same. Back in 2008, 20 years ago almost, the attacks were phishing emails and weak passwords, and today it's the same phishing emails and weak passwords or no multi-factor authentication into the computers, networks, and applications we use now. It used to be that the applications were in our offices on servers that our IT department managed. Now they live in the cloud. It used to be that we had long passwords that were eight or nine characters long. Now the passwords are 14-15 characters in length and they need to be stored in a password manager. So some of the methods of protecting and using things have changed, and the attacks, they just become more and more prevalent, more damaging, and more impactful when they're successful.

The beautiful part of cybersecurity is, it's not rocket science. There are very simple things you need to learn. And by the way, CyberHoot gives our best training videos and a phishing simulation for free to individuals. All you have to do is go cyberhoot.com/individuals and you will be able to sign up for free for our basic program.

Choosing syndication

Was syndicating your company a strategy you ever thought of before hearing from Newstex?

Craig: It wasn't. I didn't know that you could do this. I was really excited to find out that a company like Newstex was available because we had this message and we had this educational solution that we would put out every week almost without fail. Like the post office, you know, wind, rain, snow, we did not stop. We always published once a week, but we didn't have a lot of listeners or people that would watch or read the article. And so having an ability to syndicate it through Newstex was a wonderful opportunity for us to earn a little bit of income on the side. But also to share our message and hopefully bring people for the free training, but also the risk-free trials of our product. So it's been a win-win for everyone, a win for the end person reading the blog, a win for Newstex to have good content in the cybersecurity space, and a win for CyberHoot to have our message shared with the world.

Illustration of colorful books on a shelf against a dark background.