About Us

KnowBe4 delivers ‘new-school’ Kevin Mitnick Security Awareness Training combined with set-it-and-forget-it simulated phishing attacks for an extremely effective user education program.


Based on Kevin’s 30+ year unique first-hand hacking experience, you now can train employees to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks.

With this world-class, user-friendly and effective Internet Security Awareness Training, KnowBe4 provides self-service enrollment, and both pre- and post-training phishing security tests that show the percentage of end-users that are Phish-prone. KnowBe4’s unique scheduled Phishing Security Tests keep employees on their toes with security top of mind, and can provide instant remedial online training in case an employee falls for a simulated phishing attack.

The Security Awareness Training project leader at every KnowBe4 customer gets access to user provisioning, and comprehensive pre- and post-training reporting. Every end-user gets an engaging and effective 30-40 minute training, and we also have a 15-minute condensed version for managers in 9 languages. After being trained, end-users can receive ongoing testing, with a frequency determined by you. Executives get the insight they need to maximize training ROI and track security compliance.

The KnowBe4 team has built, deployed, and supported market-leading e-learning applications and has deep roots in IT Security. KnowBe4 was started and funded by Stu Sjouwerman, formerly co-founder of Sunbelt Software, developer of VIPRE Antivirus, which in 2010 was acquired by GFI Software, a portfolio company of the Insight Venture Partners Venture Capital Fund in New York and Boston.

“The adage is true that the security systems have to win every time, the attacker only has to win once.” — Dustin Dykes.

KnowBe4 Philosophy

We are happy to go against the grain.
We’re not a massive developer that turns out bloatware year after year.
We don’t work with only the bottom line in mind.
We don’t sell top down and force our solutions down everyone’s throat.
We don’t develop code based on yesterday’s problems.
And we feel fine with all that.

We’re a team of free-thinking techies, who look at IT security issues a little differently.
Where other IT security companies may value profits, we value, well…security.
When the competition tries to keep things locked up, we want it to be community-based.
We create security solutions for admins by admins.
We are not in the pocket of any of the large players.
We answer to no one but IT admins in the trenches.

Our rules are: “Do it right the first time, do it fast, and have fun while you do it”.
We work like that, because we think it’s the only way to go.
We believe in smarts over money.
We believe that only with community can you effectively secure your domains.
We believe that as IT Admins we need to hang together, because if we don’t, we will hang alone.
And we feel strongly about challenging the status quo; we put admins front and center in the fight against cybercrime.

So, it boils down to this: we believe in you.
We believe that the world’s best security products can only be made with admins who give a bit of their time, talents, energy and support to defending our mutual domains.
And with this cause in mind, we believe that together we can continue to create innovative security tools for the benefit of your organization and the security of your network.
We are committed to serving the greater good. We are KnowBe4. We’re not just a different kind of security company; we are a security company that, together with you, makes a difference.

KnowBe4 Infrastructure Security

KnowBe4 is an IT security company, so our cloud-based infrastructure was built from the ground up to be secure and fault-tolerant. KnowBe4 was PCI compliant from day one.

  • Our Development Group consists of software engineers that have 10+ years of experience in creating secure applications,
  • Our servers are hardened Linux machines, and all critical connections use Secure Sockets Layer (SSL),
  • The databases are backed up daily,
  • We do not store passwords in plain text; we use a one-way salted, peppered and 10x encrypted hash mechanism, from which passwords cannot be retrieved even if we wanted to,
  • Regarding the Phishing Security Tests, the data we store consists only of email addresses, and what this address has clicked on. No other data gets stored, and KnowBe4 has done everything to be secure, scalable and reliable.
  • As the phishing tests only use standard email/web protocols, and do not include any actual malware, KnowBe4 phishing tests will not introduce any vulnerabilities into your systems.

Note: our infrastructure runs on the Amazon Web Services (AWS) cloud which has the following certifications:
“AWS has achieved ISO 27001 certification and has successfully completed multiple SAS70 Type II audits. We will continue to obtain the appropriate security certifications and conduct audits to demonstrate the security of our infrastructure and services.”

More about AWS certifications and accreditations here: http://aws.amazon.com/security/