December 20, 2018 By Security Intelligence Staff 3 min read

Allison Ritter excuses herself from the interview. She has already described her role as “dynamic,” and we’re about to see that firsthand as she makes a call. Allison is filling in for a colleague and needs to make a guest appearance in a simulation — a chance for her to get hands-on with the security lessons she creates for the state-of-the-art IBM X-Force Command Center.

Based in Cambridge, Massachusetts, the Cyber Range drops clients into interactive breach simulations inspired by real-world cybersecurity scenarios. The immersive nature of the simulations helps security teams develop critical incident response and crisis management skills that can’t be learned from playbooks or how-to guides.

To say Allison has a fast-moving job is an understatement. As the creative director at the X-Force Command Center, she’s responsible for the overall look and feel of the simulations and also plays an integral role in managing the multidisciplinary team that develops the interactive experiences for Cyber Range participants.

Injecting Drama, Storytelling and the Arts Into Security Lessons

Allison has been with the Command Center team since the beginning, back when they were “still in hard hats.” She started as a threat gamification engineer before moving into the creative director role.

“I had the opportunity to help build the Cyber Range from the ground up,” she said. “This was a completely new space, so we had a lot of opportunities to create completely new experiences. What are the scenarios that we want to put people through? Visually, how do we want it to look?”

By the time Allison graduated from the Rochester Institute of Technology she had already interned with U.S. Representative Eliot L. Engel, worked with luxury cruise line Cunard to print and manage daily news for shipwide distribution, and served as editor-in-chief for Rochester’s School of Media Sciences. Her gamification role at IBM was only her second post-collegiate job.

Allison is a self-proclaimed lover of drama, so it’s easy to see how she ended up with the Command Center. Her daily work brings the data breach simulations to life through her interactions with clients as they navigate through the scenarios.

“It’s a very active environment; I have to always be ready with something new to throw a curveball into an experience, depending on what’s going on with the client and how they react,” she explained. “We want you to experience and feel what it would be like if your company was under a cyberattack. What do you need to do in a time of crisis? There’s not a lot of time to react, and you have to learn to manage an incident process during a time of chaos.”

Choose Your Own Security Adventure

Allison likens her creative director role to developing a choose-your-own-adventure book: It’s all about interactive storytelling. Her editorial background serves her well at the Command Center. When she worked in news, she had to keep a close eye on current events while maintaining enough flexibility to meet the needs of multiple audiences. This dynamic creativity laid the foundation for what she does today.

“I really enjoy the excitement of the learning that we create here,” Allison said. “To be able to show something to people and say you’re not just taking away a piece of paper, you’re really gaining some sort of experience. You’re dealing with the same situations that you might have to deal with if your company did go through a breach. It’s real-time learning.”

To Allison, a textbook or how-to guide is no substitute for hands-on experience.

“Diving in, talking with your peers, collaboration among different teams — we have people coming in from human resources, public relations, legal, communications, marketing security — people are bringing all different experiences to the table,” she explained. “We have a dynamic environment that changes, which is a great learning area for individuals.”

In Security, the Drama Never Ceases

This role isn’t a traditional 9-to-5 job; Allison is very involved and is often on call. She also continues her passion for the arts through music, theater and painting in her free time. In short, she is living proof that the arts and technology can work — indeed, thrive — together.

“I’m dedicated to the space and the work we do,” she said. “I have this love for drama and a passion for creating immersive spaces that are visually engaging for individuals to experience.”

Allison is showing us that working in security is not just about developing and writing code. There are opportunities for people of all backgrounds, passions and inclinations to succeed in this industry — especially if they enjoy a bit of drama.

Meet Cybersecurity Gamification Strategist John Clarke

More from Incident Response

How I got started: Incident responder

3 min read - As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role?With our How I Got Started series, we learn from experts in their field and find out how they got started and what advice they have for anyone looking to get into the field.In this Q&A, we spoke with IBM’s own Dave Bales, co-lead X-Force Incident Command…

How Paris Olympic authorities battled cyberattacks, and won gold

3 min read - The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.Cyber vigilance programThe Paris 2024 Olympics implemented advanced threat intelligence, real-time threat monitoring and incident response expertise. This program aimed to prepare Olympic-facing organizations…

How CIRCIA is changing crisis communication

3 min read - Read the previous article in this series, PR vs cybersecurity teams: Handling disagreements in a crisis. When the Colonial Pipeline attack happened a few years ago, widespread panic and long lines at the gas pump were the result — partly due to a lack of reliable information. The attack raised the alarm about serious threats to critical infrastructure and what could happen in the aftermath. In response to this and other high-profile cyberattacks, Congress passed the Cyber Incident Reporting for Critical…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today