Ask Curricula's Nick Santora Almost Anything (AMAA)

  • 29 September 2022
  • 1 reply

Userlevel 4
Badge +5

Welcome to the Cybersecurity Awareness Month edition of Ask Me Almost Anything (AMAA). This round we have a special guest who is more than capable of fielding your yearning questions about security awareness, Curricula Founder and Huntress General Manager Nick Santora!

To get us started, we have a rhetorical question for each of you: What is Cybersecurity Awareness Month?

Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace.

And for those of you new to AMAAs, here’s the scoop:

AMAAs or Ask Me Almost Anything is designed to connect you with thought leaders, cybersecurity and compliance experts, IT practitioners, DevOps pros, and other awesome people in our industry.

  1. Submit your question (please keep it professional)
  2. We’ll curate your questions and chat with Kelli
  3. The recorded AMAA will be shared back to the community blog
  4. Easy as 1, 2, 3!

Learn more about Nick.

1 reply

Userlevel 4
Badge +5

Here are the questions we’ve captured for Nick:


  • Prior to founding Curricula, you worked through IT and InfoSec roles. Did your previous experiences with awareness training result in the spark that led you to create your own company and platform?
  • Word has it that you met your co-founder and CTO when you were kids. That’s a rare achievement in itself, but how did that relationship spur into a business together?
  • You also hold a few infosec certs. Do you recommend others getting these? What other resources would you recommend budding cybersecurity professionals look into?
  • Can you tell us the story of DeeDee and how she came to be? At Drata whenever we see something suspicious, it’s usually met with a DeeDee emoji.

Security Awareness

  • Let’s get to the real focal point of this AMAA, security awareness. This can come in many flavors, but if you had to explain the concept of cybersecurity awareness, how would you define it?
  • Besides obviously working with a solution like Curricula, what are some small steps businesses can take to drive awareness?
  • Should all employees get the same kind of training, or does it make sense to add additional layers based on their access levels? Is there value in creating training that is relatable to different scenarios (Curricula does a good job of being relevant to today)?
  • If you look at compliance requirements, usually there is a limited window or frequency that is required of businesses to supply training to employees/users. Do you feel this is sufficient or is there another take on how often training should be conducted?
  • Phishing simulations are another bridge between training and keeping people on their toes. What value do these bring to the table for businesses?
  • What are some of the best phishing lures you’ve seen for simulations or otherwise?
  • Do you have any interesting stories around security awareness and how it has impacted a business, maybe driving a better sense of a culture of security?
  • Awareness comes in many forms and not just training. Beyond the standard, what kind of awareness should executives and other leaders not be as familiar with cybersecurity concepts to gain a better understanding of concepts and risks?