Training Employees. PHOTO: Cybercrime Magazine.

Cybersecurity Training Goes Hollywood

NINJIO produces animated 3-4 minute micro-learning videos

David Braue

Melbourne, Australia – Jun. 15, 2021

As he sat down in 2015 to plan his new venture in cybersecurity training, Zack Schuler started with a blank canvas — and started thinking about what kind of teaching helps him learn best.

“I thought about how I would want to learn about cybersecurity, and a bunch of concepts came into my head,” Schuler, founder and CEO of cyber training firm NINJIO, told Cybercrime Magazine.

There was a recurring theme: “I want to be educated through storytelling,” he realized, “because I can get emotionally connected to a story that I can’t get to with a lecture.”

Other key goals included keeping the stories to 3 to 4 minutes long “so it keeps my attention,” he added, “and I want to get the best storytelling that I can.”

With these key goals in mind, Schuler — who had just sold Cal Net, the managed security services business that he founded at 21 and ran for 18 years, to NexusTek — began realizing a dream he had been nurturing for many years.

While working at Cal Net, he explained, “we would see clients succumbing to breaches and social engineering attacks. And in almost every instance, when a client would get breached it was due to human error when somebody clicked on something they shouldn’t have.”

“So I had a fleeting thought at the time — that if I could only teach people what to do and what not to do, I would save our clients a lot of headache and heartache. But I wasn’t going to start a training company in the middle of running a 100-employee managed services business.”

As he sat down to fulfill that dream years later, Schuler realized that what he had been imagining was a format for selling cybersecurity stories in a completely new way. It was, he realized, time to bring Hollywood to cybersecurity.

Old college friend Bill Haynes — an accomplished screenwriter with writing and producing credits on dozens of episodes of CSI: NY and Hawaii Five-O — came onboard to help Schuler’s emerging cyber training firm bring together a series of short, engaging training videos that he believed would help warn employees about risky online behavior in a completely new way.

That way, it turns out, was animation — anime, in particular.

Much more than cartoons

Years later, the NINJIO Aware platform has over 1 million users who are accessing its cyber training-as-a-service library of more than 80 targeted animated videos. Each episode is based on a real company and a real breach — and topics of each new monthly video are determined by whatever cybercriminal attacks are most prominent in that month’s news.

“Two weeks ago, if you had asked me what our July episode would be about, I would have said ‘I don’t know,’” Schuler said. “But then the Colonial Pipeline attack happened — so now I know what July’s episode is about.”

“It’s not that we have created some library that sits there and gets stale; we are literally creating content in real time, and we consistently add new content.”

The use of animation is not just about standing out in a field crowded with unengaging videos that have many employees wriggling in their seats after a few seconds.

Because it allows directors to interpolate closeup shots of elements of computer or smartphone screens, for example, animation allows directors to highlight key information that reinforces the way employees can, for example, spot malicious email attachments or figure out that an attacker is spoofing the domain name of a trusted company.

Animation has also allowed NINJIO to introduce strong voice talent without distracting from its messages: season 5 saw NINJIO bring in the likes of Jon Lovitz, Alex Thomas, Laticia Rolle, Robert Davi, and Tia Carrere to do voiceover work for new episodes.

Music scoring, sound production, scriptwriting — all are handled by seasoned professionals, with every stage of production from character design, storyboarding, and other aspects handled entirely through the company’s in-house production studio.

“We are a content-first company,” Schuler said. “It’s the biggest way for you to differentiate yourself against the competition, at the end of the day.”

And while some of the videos have comedic elements, Schuler said, the company has intentionally avoided pushing too hard for laughs — both because comedy is highly culturally subjective, and because it isn’t the right tone for addressing a serious issue.

“Research has shown that when you train people through a comedic-centered approach, they take the subject matter a lot less seriously,” he explained. “In the world of cyber, that’s certainly something you don’t want to have happen.”

New life for enterprise training

Indeed, despite the consumer feel of the episodes, NINJIO has enterprises squarely in its sights when it comes to the way it presents its content — and manages it.

Back-end integration with corporate directory services provides “frictionless viewing” by automatically authenticating users, Schuler said, and a core learning management system (LMS) tracks users’ consumption of the videos so that human resources can easily identify who has and hasn’t watched them.

The ongoing success of NINJIO’s animation-based training approach has led to several spinoff ideas, such as 90-second NINJIO Aware Nano videos — providing “teachable moments” — as well as corporate and small-business flavors.

The company also recently launched the NINJIO PHISH managed phishing simulation platform, with a team handling the configuration and administration of phish testing against employees at customer sites including, Schuler said, “some extraordinarily large clients [who] say it stands up to the best.”

Time-poor CISOs have flocked to NINJIO’s hosted content and testing environment, which provides both relevant and timely content that they have embraced to support employee cyber training programs that are both difficult to create and time-consuming to administer when handled in-house.

NINJIO is also working with clients to integrate its content directly into heavily utilized communications channels like Slack: “If you’ve got a production or development team that spends eight hours a day on Slack,” he said, “they’re less likely to take LMS training — so that’s a great place to put our content, right where people are going to see it.”

“We really need to meet the learner where they are.”

David Braue is an award-winning technology writer based in Melbourne, Australia.

Go here to read all of David’s Cybercrime Magazine articles.


NINJIO offers a cybersecurity awareness training solution that uses engaging, 3 to 4-minute Hollywood-style micro-learning videos to empower individuals and organizations to become defenders against cyberthreats. We teach organizations, employees, and families how not to get hacked, which makes them the first line of defense against today’s increasingly sophisticated cybercriminals.

We serve some of the largest companies in the world and have changed the behavior of hundreds of thousands of people through engaging, emotionally-driven storytelling.