How HacWare’s Tiffany Ricks Uses AI to Keep Companies Secure
The Transparent Collective alum on transforming cyber security through automation and personalization
By Jessen O’Brien
The biggest cyber security vulnerability companies face isn’t an unpatched OS or poorly configured firewall. It’s their employees, who could unwittingly click on a link that lets a bad actor into their system.
This is the realization that led Tiffany Ricks to create HacWare, an AI-driven platform that trains employees to recognize these kinds of attacks by sending them highly personalized and realistic phishing simulations.
“We often hear from our partners that it’s not just their employees but also their security teams who can’t tell if our phishing simulations are real or fake,” says Tiffany. “The only way to tell is by putting the message in a sandbox so that they can safely click on the link and see who it’s from.”
We sat down with Tiffany to learn more about how HacWare helps strengthen security, what advice she has for other minority founders, and what drew to join Transparent Collective.
How did HacWare get started?
I was working with one of the Department of Defense’s largest defense contractors, L3 Technologies, and moved into doing ethical hacking for them. I was trying to understand how a hacker could break into their systems so that they could be better defended.
After I left, I decided to build a consultancy that would show companies how bad actors could get in. While working with companies of all sizes around the United States, I saw that it’s always people who make it easy to gain access to systems through phishing and social engineering.
I built a tool that could automate trying to hack into these systems through phishing emails. But then I realized it would be a great product to help companies really understand how their people could be targeted through phishing emails and train their employees to recognize those kinds of attacks.
What does HacWare do?
HacWare is an automated security awareness platform and training tool. Basically, we’re an AI-driven platform that learns from phishing threats that are currently happening and uses them to create simulations to train employees so that they won’t fall for phishing schemes.
What sets HacWare apart from its competitors?
With other platforms, you have to decide who’s going to get the test and when; then you have to build the test and decide what’s going to be said in each message.
Our platform requires 40% less labor time than any of our competitors. It takes only 10 minutes to deploy, then it starts automatically scheduling personalized training for employees. It’s also personalized. It sees who employees are connected to on their social media accounts so it can try to impersonate someone they know.
Another thing that sets HacWare apart is that our training is three minutes or less — versus our competitors’ videos, which are often 30 minutes to an hour long — and it isn’t boring. We have an animator who creates this content, which is often funny videos based off of real things that have happened.
The last thing that sets HacWare apart is that we have an API that can integrate with the other cyber security products. For example, it might get an alert that a user is transferring a lot of data outside of the organization. Without our platform, someone from a security team would have to review the data, reach out to the HR team, and ask them to contact the employee and train them on data privacy rules. But when our platform is connected with that solution, it can automatically send the user an email with the company policy and a video of best practices. We’re really trying to automate some of these cumbersome tasks and send training at the right time so it can be most effective.
Can you share a story that illustrates the impact HacWare has been able to have on the organizations that use it?
One of our partners is a large IT service provider in the Midwest with about $100M in revenue. They were using another product before which required a dedicated admin to spend 40 hours a week on it. After switching over to our platform, the admin only needs an hour a month to pull reports because the platform does everything else for them. That doesn’t just save the company labor time; it also means that the security team can tackle other tasks.
What impact has working with Transparent Collective had on HacWare?
I’m a serial entrepreneur. This is my fourth company, but the first one that is venture-backed. Every other one was bootstrapped because I didn’t understand how to fundraise.
Then a friend told me about Transparent Collective. Originally, I thought, ‘I don’t need another mentoring program. I need access to capital.’
But Transparent Collective isn’t a waste of time. In the short amount of time that you’re a part of it, you gain so much knowledge on how to position your business and meet so many founders who are rock stars and will give you advice that will help you grow and scale your business. It’s a fantastic community and great opportunity.
What difference does having that access to capital make to your company?
It’s amazing. When you’re bootstrapping, you have to move slower because your revenu determines whether or not you can invest back in the company. Can you keep someone employed for 12 months? Can you pay for benefits?
When you’re backed by investors, you can decide to focus on growth instead of being revenue positive — so you can go ahead and hire the people you need to get a product done faster which will unlock a new pipeline that allows you to become a revenue positive company. So it’s a path to faster growth.
Why do you believe that Transparent Collective’s mission is so important?
After the unfortunate passing of George Floyd, there was a lot of interest in trying to figure out how to address the fact that there are minority-owned businesses that are brilliant and excellent, but need access to capital. There was a lot of visibility, which is great, but now we need to actually do the work.
We need organizations like Transparent Collective that give minority founders a playbook so that they can access capital and be competitive. We need to know how to actually fundraise. And we need to do so in a way that’s a little different — and that’s a piece that a lot of other accelerators and programs don’t understand.
For example, in your deck, you have to start off with why you’re the expert in this space and why you are different from anyone else out there. You have to establish your credibility upfront. You have to make it really easy for these investors to say yes.
What advice do you have for other minority founders?
I used to think I needed to do whatever I could to convince investors to want to back me. Now, I’ve decided I’m going to build a company that is scalable with or without them. I decide when I want to fundraise and who I want to let into my round. I’m allowing them to be a part of my organization.
In other words: Let’s put more value on our business and less on getting investors onboard. Because if you build something valuable, you’re going to attract great partners who will come to you.
What’s next for HacWare?
It’s Cyber Security Awareness month, so we’re giving $5,000 to a couple of charities, including Girls Who Code and Hackers for Vets.
We’re also going to improve our AI-driven product. We’re expanding our training to have live actors. We’re also integrating with other platforms in the insurance and HR space, which we’ll announce in the future. And we’re continuing to aggressively hire.