December 20, 2018 By Security Intelligence Staff 3 min read

Allison Ritter excuses herself from the interview. She has already described her role as “dynamic,” and we’re about to see that firsthand as she makes a call. Allison is filling in for a colleague and needs to make a guest appearance in a simulation — a chance for her to get hands-on with the security lessons she creates for the state-of-the-art IBM X-Force Command Center.

Based in Cambridge, Massachusetts, the Cyber Range drops clients into interactive breach simulations inspired by real-world cybersecurity scenarios. The immersive nature of the simulations helps security teams develop critical incident response and crisis management skills that can’t be learned from playbooks or how-to guides.

To say Allison has a fast-moving job is an understatement. As the creative director at the X-Force Command Center, she’s responsible for the overall look and feel of the simulations and also plays an integral role in managing the multidisciplinary team that develops the interactive experiences for Cyber Range participants.

Injecting Drama, Storytelling and the Arts Into Security Lessons

Allison has been with the Command Center team since the beginning, back when they were “still in hard hats.” She started as a threat gamification engineer before moving into the creative director role.

“I had the opportunity to help build the Cyber Range from the ground up,” she said. “This was a completely new space, so we had a lot of opportunities to create completely new experiences. What are the scenarios that we want to put people through? Visually, how do we want it to look?”

By the time Allison graduated from the Rochester Institute of Technology she had already interned with U.S. Representative Eliot L. Engel, worked with luxury cruise line Cunard to print and manage daily news for shipwide distribution, and served as editor-in-chief for Rochester’s School of Media Sciences. Her gamification role at IBM was only her second post-collegiate job.

Allison is a self-proclaimed lover of drama, so it’s easy to see how she ended up with the Command Center. Her daily work brings the data breach simulations to life through her interactions with clients as they navigate through the scenarios.

“It’s a very active environment; I have to always be ready with something new to throw a curveball into an experience, depending on what’s going on with the client and how they react,” she explained. “We want you to experience and feel what it would be like if your company was under a cyberattack. What do you need to do in a time of crisis? There’s not a lot of time to react, and you have to learn to manage an incident process during a time of chaos.”

Choose Your Own Security Adventure

Allison likens her creative director role to developing a choose-your-own-adventure book: It’s all about interactive storytelling. Her editorial background serves her well at the Command Center. When she worked in news, she had to keep a close eye on current events while maintaining enough flexibility to meet the needs of multiple audiences. This dynamic creativity laid the foundation for what she does today.

“I really enjoy the excitement of the learning that we create here,” Allison said. “To be able to show something to people and say you’re not just taking away a piece of paper, you’re really gaining some sort of experience. You’re dealing with the same situations that you might have to deal with if your company did go through a breach. It’s real-time learning.”

To Allison, a textbook or how-to guide is no substitute for hands-on experience.

“Diving in, talking with your peers, collaboration among different teams — we have people coming in from human resources, public relations, legal, communications, marketing security — people are bringing all different experiences to the table,” she explained. “We have a dynamic environment that changes, which is a great learning area for individuals.”

In Security, the Drama Never Ceases

This role isn’t a traditional 9-to-5 job; Allison is very involved and is often on call. She also continues her passion for the arts through music, theater and painting in her free time. In short, she is living proof that the arts and technology can work — indeed, thrive — together.

“I’m dedicated to the space and the work we do,” she said. “I have this love for drama and a passion for creating immersive spaces that are visually engaging for individuals to experience.”

Allison is showing us that working in security is not just about developing and writing code. There are opportunities for people of all backgrounds, passions and inclinations to succeed in this industry — especially if they enjoy a bit of drama.

Meet Cybersecurity Gamification Strategist John Clarke

More from Incident Response

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today