Allison Ritter excuses herself from the interview. She has already described her role as “dynamic,” and we’re about to see that firsthand as she makes a call. Allison is filling in for a colleague and needs to make a guest appearance in a simulation — a chance for her to get hands-on with the security lessons she creates for the state-of-the-art IBM X-Force Command Center.

Based in Cambridge, Massachusetts, the Cyber Range drops clients into interactive breach simulations inspired by real-world cybersecurity scenarios. The immersive nature of the simulations helps security teams develop critical incident response and crisis management skills that can’t be learned from playbooks or how-to guides.

To say Allison has a fast-moving job is an understatement. As the creative director at the X-Force Command Center, she’s responsible for the overall look and feel of the simulations and also plays an integral role in managing the multidisciplinary team that develops the interactive experiences for Cyber Range participants.

Injecting Drama, Storytelling and the Arts Into Security Lessons

Allison has been with the Command Center team since the beginning, back when they were “still in hard hats.” She started as a threat gamification engineer before moving into the creative director role.

“I had the opportunity to help build the Cyber Range from the ground up,” she said. “This was a completely new space, so we had a lot of opportunities to create completely new experiences. What are the scenarios that we want to put people through? Visually, how do we want it to look?”

By the time Allison graduated from the Rochester Institute of Technology she had already interned with U.S. Representative Eliot L. Engel, worked with luxury cruise line Cunard to print and manage daily news for shipwide distribution, and served as editor-in-chief for Rochester’s School of Media Sciences. Her gamification role at IBM was only her second post-collegiate job.

Allison is a self-proclaimed lover of drama, so it’s easy to see how she ended up with the Command Center. Her daily work brings the data breach simulations to life through her interactions with clients as they navigate through the scenarios.

“It’s a very active environment; I have to always be ready with something new to throw a curveball into an experience, depending on what’s going on with the client and how they react,” she explained. “We want you to experience and feel what it would be like if your company was under a cyberattack. What do you need to do in a time of crisis? There’s not a lot of time to react, and you have to learn to manage an incident process during a time of chaos.”

Choose Your Own Security Adventure

Allison likens her creative director role to developing a choose-your-own-adventure book: It’s all about interactive storytelling. Her editorial background serves her well at the Command Center. When she worked in news, she had to keep a close eye on current events while maintaining enough flexibility to meet the needs of multiple audiences. This dynamic creativity laid the foundation for what she does today.

“I really enjoy the excitement of the learning that we create here,” Allison said. “To be able to show something to people and say you’re not just taking away a piece of paper, you’re really gaining some sort of experience. You’re dealing with the same situations that you might have to deal with if your company did go through a breach. It’s real-time learning.”

To Allison, a textbook or how-to guide is no substitute for hands-on experience.

“Diving in, talking with your peers, collaboration among different teams — we have people coming in from human resources, public relations, legal, communications, marketing security — people are bringing all different experiences to the table,” she explained. “We have a dynamic environment that changes, which is a great learning area for individuals.”

In Security, the Drama Never Ceases

This role isn’t a traditional 9-to-5 job; Allison is very involved and is often on call. She also continues her passion for the arts through music, theater and painting in her free time. In short, she is living proof that the arts and technology can work — indeed, thrive — together.

“I’m dedicated to the space and the work we do,” she said. “I have this love for drama and a passion for creating immersive spaces that are visually engaging for individuals to experience.”

Allison is showing us that working in security is not just about developing and writing code. There are opportunities for people of all backgrounds, passions and inclinations to succeed in this industry — especially if they enjoy a bit of drama.

Meet Cybersecurity Gamification Strategist John Clarke

More from Incident Response

How the Mac OS X Trojan Flashback Changed Cybersecurity

Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…

What Hurricane Preparedness Can Teach Us About Ransomware

Each year between June and November, many parts of the U.S. become potential targets for hurricanes. In October 2022, we had Hurricane Ian devastate Florida. To prepare for natural disasters like hurricanes, organizations are encouraged to build out and test business continuity, disaster recovery, and crisis management plans to use in the response efforts. Millions of dollars each year are spent on natural disaster preparation, but natural disasters are not the only disruption businesses face. While we can’t equate the…

Charles Henderson’s Cybersecurity Awareness Month Content Roundup

In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens. Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might…

A Day in the Life: Working in Cyber Incident Response

As a cybersecurity incident responder, your life can go from zero to 100 in a heartbeat. One moment you are sipping a beverage reading the latest threat intelligence or getting the kids ready for bed; the next, you may be lunging for your "go bag" because you cannot remote in to the breached system. It's all part of the game. Seasoned incident responders can handle this jab: "Why would you want a job like this? Are you crazy?" The truth…