It Starts with Onboarding

Cohere Health needed scalable security training to support rapid growth

Cohere Health, an AI-driven healthcare management provider, is growing at lightning speed. It’s been onboarding high numbers of staff to help accelerate complex transactions between patients, physicians, and insurers. When Jared Couillard, CISSP joined as Cohere’s Senior Director, IT & Security Officer, he knew the organization needed better security awareness training. Couillard had relied on Huntress Security Awareness Training (SAT) in his prior role at a different company, so he already understood how Huntress would benefit Cohere Health. This time around, he had three objectives:

• Compliance: Staff had to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

• Protection from Attacks: Cohere Health needed to fortify staff as a first line of defense against malicious actors.

• Scalability: Training had to be easy to scale and integrate into new-hire onboarding because Cohere was approaching a Series B funding round to support further growth.

Cohere launched Huntress SAT when the company had fewer than 30 employees. Now, with nearly 200 employees and projecting to double their headcount again, Huntress is integral to the overall health and success of the organization.

‍

‍

Ongoing training is fun and addresses the evolving nature of cyberattacks

By prioritizing cybersecurity upfront, Cohere Health provides the framework for a culture where everyone is responsible for protecting the company from attacks.

Staff engage with innovative training that centers on a young hacker prodigy named DeeDee.

Like most five-year-olds, DeeDee has her demands—and she’s not afraid to cause a little trouble to have them met. The training follows her misadventures, mirroring real-world threats like phishing attacks.

“I get feedback monthly from our employees that ‘This is so great,’ and ‘We want to see what happens with DeeDee next.’ It’s definitely engaging,” shares Couillard. That level of engagement helps Cohere Health staff retain what they’ve learned so they can apply it when they need it most.

“Most of the training in HIPAA is very dry with a ‘check-the-box’ kind of mentality . . . I was looking for something different and was introduced to Huntress SAT. I loved this new idea with how to present this information... Nothing compared to the inventiveness that Huntress offered with their training episodes.”

The company knew an increasing number of cyberattacks around the world presented a risk to their operations. A programmatic approach lets Cohere administer security awareness training on an ongoing basis.

In addition to semi-monthly onboarding training, Cohere runs phishing simulations and administers customizable Huntress SAT episodes based on results. Couillard pairs these efforts with one-to-one conversations as needed for a complete cybersecurity program he and his team can quickly scale across a multiplying workforce.

Training episodes cover topics in ways that reflect evolving cybersecurity threats, such as:

• Phishing
• Social engineering
• Ransomware
• Removeable media
• Network security
• Incident Response

Continuous training like this helps Cohere Health connect around the storylines. Couillard sees qualitative proof of engagement over time in company communication channels.

“We have a security HIPAA channel on Slack. After an episode has been open for a bit, I’ll post in there something you can only know from watching the content,” Couillard explains,  "Everyone is doing the training and partaking, from leadership on down.”

‍

‍

Most of the training in HIPAA is very dry with a ‘check-thebox’ kind of mentality . . . I was looking for something different and was introduced to Huntress SAT. I loved this new idea with how to present this information... Nothing compared to the inventiveness that Huntress offered with their training episodes.

Jared Couillard | CISSP SENIOR DIRECTOR, IT & SECURITY OFFICER, COHERE