Living Security is a Human Risk Management (HRM) platform that reduces cybersecurity threats by analyzing workforce behavioral data, conducting tailored, engaging training, and providing actionable, AI-driven insights to proactively mitigate risk. Pulse 2.0 interviewed Living Security founder and CEO Ashley Rose to learn more.
Ashley Rose’s Background
Could you tell me more about your background? Rose said:
“I’m a product-obsessed entrepreneur at heart. Early in my career, I worked as a Product Owner on a software development team building internal tools, managing feature roll-outs, and working cross-functionally with engineering, compliance, operations, and business stakeholders. That role taught me two important things: just how complex enterprise workflows can be, and how central the human layer is in the overall risk equation.”
“Before founding Living Security in 2017 with my co-founder (and husband) Drew, I had a front-row seat to the challenges of building security programs inside large enterprises. Drew had the opportunity to build a cybersecurity program from the ground up, and together we saw how deeply human behavior, not just tools, drives real-world security outcomes.”
“That insight is what ultimately inspired us to start Living Security and pioneer Human Risk Management as a category.”
Formation Of The Company
How did the idea for the company come together? Rose shared:
“The earliest spark came from Drew experimenting with games as a better way to teach security – everything from card games to our first ‘Cyber Escape Room,’ where employees had to solve puzzles and challenges that mapped directly to security best practices. Those early escape-room experiences took off with enterprise clients because they were memorable and actually changed behavior.”
“At the same time, I kept seeing a gap: organizations were investing heavily in security tools, but the workforce was still treated as an afterthought. Traditional training was compliance-driven, boring, and disconnected from how people really work.”
“In late 2017, after we’d run our first escape-room programs and conference activations and landed several enterprise customers, I left my full-time role to focus on Living Security. By early 2018, I was all-in as CEO. Today my primary responsibilities are setting company strategy, partnering with customers and the market to shape the Human Risk Management category, and building the team, culture, and ecosystem to realize that vision at scale.”
Favorite Memory
What has been your favorite memory working for the company so far? Rose reflected:
“One of my favorite seasons will always be the very beginning, when we turned the bonus room in our Austin home into a 500-square-foot startup headquarters. At one point we had seven people working out of that spare room – kids’ toys pushed into the corner, one desk shared between two people, and a whiteboard covered in wildly ambitious goals.”
“It was cramped and scrappy, but incredibly meaningful. That season set the tone for who we are today: resourceful, mission-driven, and willing to do whatever it takes to help organizations turn their people into their greatest defense.”
Core Products
What are the company’s core products and features? Rose explained:
“Our focus today is simple: help enterprises proactively reduce workforce risk – across both people and AI agents – with intelligence, not guesswork.”
“Our core product is our Human Risk Management platform. It integrates data from across the security stack to give CISOs, security leaders, and boards a complete, prioritized view of workforce risk by user, department, location, and more. Instead of just reporting training completions or phishing click rates, our platform shows where real risk is emerging and what’s driving it.”
“From there, the platform closes the loop:
- Ingest & correlate hundreds of identity, behavior, and threat signals across tools you already own.
- Score & prioritize risk using our Human Risk Index, so teams can focus on the small percentage of users and behaviors that drive the majority of exposure.
- Trigger targeted actions from behavior-based coaching and just-in-time training to policy enforcement and orchestrated workflows and measure the impact over time.”
“Building on that, we’ve now officially launched our AI-native Human Risk Management platform, powered by Livvy—our always-on intelligence engine at the core of the platform. Designed from the ground up to be AI-native, Livvy continuously analyzes behavioral, identity, and threat signals to help organizations move from visibility to real-time risk reduction.
“The result is measurable outcomes – fewer risky users, faster remediation, and a significant reduction in human-driven exposure – not just nicer dashboards.”
Evolution Of The Company’s Technology
How has the company’s technology evolved since launching? Rose noted:
“Our evolution has always followed the needs of the workforce. We started with immersive, in-person Cyber Escape Rooms because we wanted to prove that security training could be fun, engaging, and actually change behavior. That worked, but it didn’t scale.”
“As remote and hybrid work took off, we shifted to digital experiences: online escape rooms and a broader training platform that combined escape-room-level engagement with the reach global organizations needed. Those digital experiences gave us something new: visibility into how people learned, where they struggled, and which behaviors signaled risk.”
“From there, we built Unify as a full Human Risk Management platform that goes beyond training. Instead of just tracking who completed a module, we started correlating identity, behavioral, and threat data to quantify actual human risk and drive targeted interventions. Over the last five years, that has grown into a deep HRM dataset and a set of capabilities for orchestration, automation, and now AI-driven recommendations.”
Most recently, we launched our AI-native Human Risk Management platform, powered by Livvy, the intelligence engine behind the platform. It helps teams understand, prioritize, and reduce risk across humans and AI agents by continuously analyzing behavioral, identity, and threat signals, learning from outcomes, and adapting over time. This allows security teams to anticipate risk earlier, understand why it matters, and take consistent action with human oversight.
Significant Milestones
What have been some of the company’s most significant milestones? Rose cited:
“A few stand out:
- 2017–2018: Founding and early validation. We officially founded Living Security in 2017, launched our Cyber Escape Room, and proved that engaging, gamified experiences could dramatically improve security awareness and behavior for large enterprises.
- 2020–2021: Scaling and platform shift. We raised a $5M Series A in 2020 and a $14M Series B in 2021, which allowed us to expand beyond training into Human Risk Management, invest in our Unify platform, and grow our footprint with large, global enterprises.
● Category leadership. Over time, we helped define Human Risk Management as a category and were named a Leader in The Forrester Wave™: Human Risk Management, with top marks in areas like current offering and strategy.
● Proven outcomes at scale. As Unify matured, clients began reporting breakthrough results – including up to a 90% reduction in human-driven risk exposure and 3x greater visibility into human risk compared to traditional, compliance-only approaches. - AI-native future. In 2025, we previewed our AI-native HRM platform at HRMCon, built on five years of proprietary HRM data and designed to predict risk across both humans and AI agents, guide teams with explainable AI, and act autonomously to reduce workforce exposure.
Each of these milestones builds on the last – from proving engagement, to scaling globally, to operationalizing intelligence – and together they’ve positioned us to lead how organizations secure the workforce in the AI era.”
Customer Success Stories
Can you share any specific customer success stories? Rose highlighted:
“One of my favorite examples is a global healthcare organization with over 100,000 employees. They started with a very small awareness team – roughly one and a half full-time employees – and a mandate to stand up a true human risk program across the entire workforce. Traditional awareness approaches weren’t enough.”
“With Unify, they centralized previously siloed data – everything from phishing simulation results and USB exceptions to contractor profiles and travel patterns – into a single human risk view. That visibility revealed contractors as a particularly high-risk group: lower reporting rates, more risky behaviors, and less tailored onboarding.”
“Working together, we designed a contractor-specific onboarding and engagement program, supported by targeted campaigns and just-in-time nudges. Within a relatively short period, contractors doubled their proactive phishing reports to the SOC and showed significant improvement in their Human Risk Index, moving from a high-risk outlier to an active part of the defense.”
“They then extended the same risk-based model to other segments, including users with USB-port exceptions and frequent travelers, aligning not only training but also security operations and access controls. Over time, they increased their security team headcount, secured additional executive sponsorship, and shifted from a reactive “awareness” mindset to a proactive human-risk strategy that they can measure and present at the board level.”
“What I love about this story is that it shows the full loop: visibility, prioritization, tailored action, measurable behavior change, and sustained leadership buy-in.”
Funding/Revenue
Are you able to discuss funding and/or revenue metrics? Rose revealed:
“We’ve raised a little over $28 million in venture funding to date, including a $5 million Series A in 2020 led by Silverton Partners and a $14 million Series B in 2021 led by Updata Partners, with participation from investors like Active Capital, Rain Capital, and SaaS Venture Partners.”
“On the revenue side, we don’t publicly share specific figures, but we’re seeing strong, consistent ARR growth as Human Risk Management moves from ‘interesting’ to ‘essential’ for large enterprises. The majority of our new growth is driven by our HRM offerings, and we’re increasingly working with global brands across financial services, healthcare, technology, manufacturing, and other highly regulated industries.”
Total Addressable Market (TAM)
What total addressable market (TAM) size is the company pursuing? Rose assessed:
“We think about our opportunity in two layers.
First is the core Human Risk Management software market: platforms that correlate human behavior, identity, and threat data and drive targeted interventions. Analyst estimates vary, but most peg HRM as a multi-billion-dollar global market today, with strong double-digit annual growth through the end of the decade as organizations move beyond traditional security awareness toward risk-based, data-driven approaches.”
“Second is the broader workforce and risk ecosystem we plug into: security awareness and training, insider risk, identity and access, GRC, and overarching risk management platforms. Those adjacent categories together represent tens of billions of dollars in annual spend and are increasingly converging around behavior, identity, and AI-driven analytics.”
“Our view is that Human Risk Management will become a foundational layer in this stack – the system of record and action for workforce risk – which is the opportunity we’re building toward.”
Differentiation From The Competition
What differentiates the company from its competition? Rose affirmed:
“Three things really set us apart.
First, we’re not a security awareness training company, we’re a Human Risk Management company. Many vendors in this space are still focused on checking the box: deliver content, run phishing simulations, and report completion rates. That doesn’t necessarily reduce risk. We start with a different question: ‘Where is risk actually coming from in your workforce, and what is the fastest way to change it?’”
“Second, our data and intelligence advantage. We’ve spent years building engaging experiences and HRM capabilities that generate rich behavioral data – not just whether someone passed a quiz, but how they behave, how they respond to interventions, and which signals correlate with real incidents. Our forthcoming AI-native platform is powered by what we believe is the largest dedicated HRM dataset in the industry, built over five years across hundreds of organizations and billions of interactions. That gives our AI something incredibly meaningful to learn from.”
“Third, we focus on outcomes, not dashboards. Our Unify platform delivers 3x more visibility into human risk than traditional training-only tools and has helped enterprises achieve up to a 90% reduction in human risk exposure. Those aren’t vanity metrics – they’re measurable changes in how many people are engaging in high-risk behaviors and how long organizations stay exposed to those behaviors.”
“Add to that external validation – like being named a Leader in The Forrester Wave™: Human Risk Management – and the fact that we’re now extending HRM to include AI agents alongside humans, and you get a platform and a roadmap that are purpose-built for where security is actually heading.”
Future Company Goals
What are some of the company’s future goals? Rose emphasized:
“Looking ahead, we’re focused on a few big priorities:
- Evolving from human risk to full workforce risk. As organizations deploy AI agents alongside people, we want to give them a unified way to understand and manage risk across both – with shared signals, shared scoring, and shared workflows.
- Deepening our ecosystem. We plan to keep expanding integrations with identity providers, cloud security tools, collaboration platforms, and GRC systems so Unify can serve as the connective tissue between workforce behavior and the rest of the security stack.
- Proving and communicating ROI. We’re investing heavily in analytics and executive-level reporting so CISOs and boards can clearly see the financial and operational impact of human-risk programs: fewer incidents, reduced exposure windows, and better alignment with regulatory expectations.
Additional Thoughts
Any other topics you’d like to discuss? Rose concluded:
“The last thing I’d highlight is mindset. For years, the industry talked about “the human as the weakest link.” We fundamentally disagree with that framing. Most people show up wanting to do the right thing, they just don’t always have the context, support, or timely interventions they need.”
“Human Risk Management, especially in the AI era, is about designing systems that support good decisions: seeing risk early, guiding people (and AI agents) with clarity instead of fear, and recognizing and rewarding the 70–80% of users who consistently get it right. If we do that well – with the right combination of data, AI, and empathy – we believe we can turn the workforce into one of the most powerful, adaptive defenses an organization has.”
