Security Awareness Programs & Computer-Based Training , Training & Security Leadership
Huntress Buys Security Training Provider Curricula for $22M
Firm's Largest Acquisition to Extend User Education to Small to Midsized ClientsManaged security platform stalwart Huntress has made the largest acquisition in its eight-year history, scooping up security awareness training provider Curricula to boost its user education offerings.
See Also: OnDemand | Old-School Awareness Training Does Not Hack It Anymore
The Baltimore-area company evaluated seven firms with security awareness training tools and ultimately acquired Curricula for its ease of use, manageability for smaller customers and enjoyable online learning experience, according to Kyle Hanslovan, Huntress co-founder and CEO. Thirteen employees of Atlanta-based Curricula are moving to Huntress as part of the $22 million acquisition (see: The Ransomware Files, Episode 6: Kaseya and REvil).
"We're not just a cute startup anymore," Hanslovan tells Information Security Media Group. "We have multiple products and about 70,000 businesses using our software. One of the things [customers] kept saying was, 'The education is just not cutting it. We're getting this training about awareness, but we're not really ready.'"
Security awareness training has become a popular component of broader security platforms in recent years, particularly for email security vendors. The space consolidated greatly in 2018, with Barracuda, Proofpoint and Mimecast acquiring PhishLine, Wombat and Ataata, respectively. With the Huntress acquisition of Curricula, the only big pure-play security training vendor left is KnowBe4, which went public in 2021.
From MSP to Midmarket
Founded in 2015, Curricula bootstrapped its own growth for five years before taking $3 million of outside money and launching a free version of its product in November, says CEO Nick Santora. The industry took notice of the new tool, and Santora says Curricula was approached by several potential buyers in recent months about strategic acquisition opportunities.
"I wanted to make sure that we were in a place that respects our ideals and mission," Santora tells ISMG. "With Huntress, it almost looked like I was talking into a mirror." After meeting with Hanslovan and Chris Bisnett, Huntress co-founder and CTO, Santora says, "It just felt like everything was aligned on what we believed in, who we served and why we were doing what we're doing."
When it comes to the Curricula integration process, Hanslovan says he's most focused on people and culture, tying the technology together, and accretive value. Hanslovan says each side has something to learn from the other when it comes to serving different customer types, with Curricula excelling in the midmarket and Huntress working closely with more than 3,000 VARs, MSPs, MSSPs and service providers.
Hanslovan says he wants to avoid the clunky or unnatural integration that he sees in many M&A deals and instead offer a seamless user experience strengthened by the sharing of data. Manageability is key when it comes to small and midsized businesses, or SMBs, which don't want to toggle between multiple applications when managing security awareness training for users, Hanslovan says.
Aligning Training and Threats
Data sharing, meanwhile, will make it possible for Huntress' visibility into the SMB threat landscape to inform the development of security training content at Curricula, according to Hanslovan. This will help avoid gaps or deficiencies in user education when it comes to responding to the latest threats, he says.
Over time, Hanslovan says, he wants joint customers to automatically be cued up with Curricula training for the specific threats their particular organization sees most frequently. He would also like to extend Huntress' management capabilities to the Curricula platform, which is fully self-managed today. This will make it easier for customers without internal security skillsets to take advantage of Curricula.
Hanslovan sees customers increasingly turning to Huntress in a time of tightening security budgets for help with managing their endpoints, and he anticipates managed security training would be appealing to those clients as well. Curricula's training module is already affordably priced and doesn’t require full-time management since the platform isn't targeted at enterprises, according to Hanslovan.
"Will the SMB partners pick up this technology over things like KnowBe4 and Proofpoint?" Hanslovan asks. "All of our survey data that we got ahead of time shows that the market is very ready for this. The single biggest KPI that we'll look at is adoption from service providers."