Intelligent CISO Issue 40 - Page 44

industry unlocked


Pedro Borracha, Head of Information Security at Depop, discusses the fashion marketplace company’s need for security awareness training within the workforce, and tells us about how KnowBe4 is now very much embedded into Depop’s cybersecurity maturity roadmap.
Founded in 2011, Depop is a peer-to-peer, global fashion marketplace with over 27 million users buying, selling and connecting. Headquartered in London, the company has over 300 employees and has offices in the UK, Australia and the US, specifically New York and Los Angeles. The mobile app adopts a layout similar to social media and encourages individuals to sell and buy unwanted items, endeavouring to make fashion more sustainable.
Getting the ball rolling
When Pedro Borracha, Head of Information Security at Depop, first joined the company in July 2020 to build its information security team, he spent his first three months investigating Depop’s security posture.
He ran penetration tests, conducted security assessments of Depop’s cloud environment and organised a thorough audit with PwC.
On the back of this audit, Borracha needed to create a roadmap and it became clear that security awareness training, as well as the documentation of policies and procedures, were top priority.
Unfortunately, he also had to contend with an extremely busy workforce as most employees felt they did not have sufficient time to dedicate to security awareness training. He needed help transforming this mindset and reinforcing the idea that cybersecurity is everyone’s responsibility. He needed the business to understand that cybersecurity training should be undertaken as part of employees’ job roles during business hours.
Selecting a vendor
Borracha was familiar with KnowBe4, having successfully implemented the training at a former company. Nevertheless, he decided to do his due diligence and assess other options prior to committing. However, he quickly found that KnowBe4 offered, by far, the best option.
KnowBe4 particularly excelled on two fronts: user experience and an unmatched repository of training materials and phishing templates.
“I tried to think, not as an admin of the platform, but as a user, and everything was clear,” said Borracha. “The user experience and interface are second to none and I can say this because I've looked at all the competitors. The second thing is the ModStore. The amount of material that we have access to and can distribute for training is again, second to none.”
While in the beginning, general training modules were issued to everyone, this has now evolved, becoming customised to roles and departments.
“With the plethora of training available, we can customise to the needs of each department,” continued Borracha. “As far as I know, KnowBe4 is the only company that has so much choice that you can nitpick exactly what you want for each team – and we have a lot of teams.”
By simply leveraging KnowBe4’s filter function, Borracha and his team of three can nail down exactly what they need – length of video, subject matter, whether the modules are interactive or not etc. – in a matter of seconds. The same can be said about KnowBe4’s simulated phishing feature; everything from who and when someone gets a phishing email, to how it looks, can be fully tailored to their needs.
Time to make an effort, not an excuse
Since using KnowBe4, the company mindset on security awareness training – and cybersecurity more generally – has