100% of those present want to participate again! A brief review of the LUCY Connect User Conference 2017

With a dream rating of 3.9 (out of 4) and more than 73% of feature requests put on the the development list, the first LUCY User Group conference was a complete success!


During the it-sa fair in Nuremberg on 10.10.2017 the first event with active customer participation was held as the first international cyber prevention summit.

Company Key Note from Robert Bosch

“Cyber Resilience as a Silver Bullet?” The keynote presentation by Patrick Zeller from Robert Bosch GmbH on the topic Cyber Resilience (Wikipedia) was very interesting and enriching. It showed that a modern security dispositive must necessarily expect successful security incidents. In order to ensure the security and ultimately the integrity of the IT landscape, state-of-the-art security concepts and their implementation must be

  • Based on realistic assumptions and possibilities,
  • Holistic (i. e. all-embracing, the whole IT-Landscape) and
  • Being able to react dynamically to a wide variety of threat scenarios when dealing with them.

Outlook on future LUCY versions, exchange of experience and development proposals – Following the keynote speech, LUCY founder Oliver Münchow gave an insight into the development focus of future LUCY versions. The further development of the LUCY server, especially with regard to the functionalities around the “Behavorial E-Mail Threat Management” (BTM) was well received. In joint workshops, best practices and experiences in dealing with phishing tests, employee awareness measures and best practices related to technical configuration aspects of the LUCY server in data center environments were exchanged.

73% of the submitted development requests for LUCY servers were included in the development list – the workshop part was completed with the collection of development requests for new LUCY features. Not only feature requests were collected, but the heads of LUCY development  also determined which development requests are effectively transferred to the development list! The customer input was so good that 73% of the development requests from LUCY Connect participants were transferred to the customer list.

Impressive results of the LUCY Connect satisfaction survey – The results of the satisfaction survey of the first user conference on cyber prevention, awareness and security testing speak for themselves:

We are proud to have received such a great feedback! Thank you very much.


Virtual LUCY Connect / LUCY Connect @ RSA2018 / LUCY Connect Europe 2018 – The positive feedback from LUCY Security and our LUCY Eco System Partners has encouraged us to continue supporting the customer base and the community. Safety is always a collective achievement! And the integration in a strong community helps Allen.

That’s why the LUCY Connect is being continued: In January 2018, a first attempt with a virtual edition of the LUCY Connect will be launched. In April 2018, the first North American LUCY Connect will be held as part of the RSA Conference San Francisco, before the second European event will take place in the summer of 2018.


About LUCY Connect – LUCY Connect as a user conference and cyber prevention summit is to strengthen all participants: learn from the experiences of other users at workshops, share your development wishes for LUCY, find out intimate details about future product versions and benefit from the unique network of the LUCY Community. Find out more on the conference website.

Infosec trade shows are not dead!

Have IT fairs become obsolete? No, absolutely not! [Video]

Unexpectedly high visitor interest for the LUCY Testing and Awareness Server at it-sa 2017.

Three days in Nuremberg. Three people at the booth. There’s always something going on. Demos are made, questions answered and business cards exchanged. Lunchtime will be cancelled and at the end of the first day the first printed matter will be sold out.  The young company LUCY Security started to exhibit at IT-Security fairs / tradeshows in year 3 of its existence. The stand at this year’s it-sa is already the fourth appearance of this year. Every exhibition has been a success so far! The interest was great everywhere, you could make a lot more LUCY presentations than normal and you could feel the pulse of the market at every trade show!

Itsa – The pulse of the information security market is pounding! Or maybe he’s even furious. With 630 exhibitors and just under 13,000 visitors, the it-sa trade fair 2017 in Nuremberg was able to record an increase of more than 25% in both key figures compared to the previous year! All of these visitors felt at LUCY’s stand; -) In any case, the interest was enormous and we don’t regret the decision to exhibit at the probably most important European Security Fair in any way.

LUCY Security is on the right track with its product: Employee awareness will become a key InfoSec topic of the year 2018, we are convinced! The 45 seconds clip below gives a good impression of the fair:


The LUCY Security exhibition calendar 2017:

  1. SIGS Technology Conference, Regensdorf, Switzerland.
  2. Public IT Security Conference (PITS, 12 und 13 September, Berlin, Germany (Messebeitrag / Presentation: „Strategies against Social Engineering”).
  3. Internet Security Days, Fantasialand Brühl, Germany.
  4. it-sa 2017, 10.10.2017 – 12.10.2017, Nürnberg, Germany (Press Release: Growth).
  5. Swiss Green Economy Symposium 2017 (SGES), 30.10.2017, Winterthur, Switzerland. http://sges.ch/


Coming next

….and it-sa 2018: We’ll be back!


100% of the major US companies have an IT security program: Results of the CISO Survey 2017

The situation in the largest market for simulated Internet attacks and IT security awareness testing is absolutely clear: Social engineering for educational purposes has become a regular activity at US companies. Phishing simulations are part of their daily business!

The results of the LUCY CISO survey among IT security representatives of renowned US companies speak for themselves:

  • 100% of the CISOs / IT security officers interviewed stated that they maintain a program to raise awareness of Internet risks among employees in their company
  • 100% of respondents stated that they used training videos to maintain employee awareness
  • With the exception of one person, all respondents have requested that they conduct phishing tests (phishing simulations) in their company
  • More than 90% of respondents stated that their companies use automated threat analysis systems[1] (cyber risks)
  • Less than 10% of respondents stated that malware and ransomware simulations[2] are performed in their companies

Conclusion: In the USA, it has been recognized that not only the IT systems need to be protected, but also the employees have to be’ imumunized’ through ongoing training. This is the only way to ensure sustainable and improved protection against cybercriminality. Offers for such activities become widespread. The offering turns into a commodity as the market.

Survey: On the occasion of the Security Shark Tank held in Palo Alto on October 5,2017, LUCY Security conducted a survey among a group of 24 American CISOs. The survey focused on phishing testing, employee awareness and alerting in threat situations. The number of respondents is not sufficient for a statistically relevant study. Nevertheless, the CISO survey clearly shows the market situation in the USA who is the largest Security Awareness Testing and Training Market.



[1] This corresponds to the Threat Analyzer https://www.lucysecurity.com/tag/threat-analyzer/ und (neu) dem Threat-Mitigator

[2] This corresponds to Malware- und Ransomware-Simulation in LUCY (Malware Simulation Toolkit)  https://www.lucysecurity.com/en/create-run-malware-simulations-lucy-screencasts/


IT Security Tutorial Content available for free download in LUCY

New IT-Security Tutorials and Videos available for Free Download in LUCY

Download the new set of security tutorial video’s and brand new phishing attack templates for LUCY Server. Big free content upgrade 2017-09 is available now for everybody.

We have heard from some customers that they would like to use shorter versions of our popular videos. LUCY Security meets this demand with the big content update 09/2017. Not only are rich media security tutorials and videos delivered, but also brand new attack templates for phishing simulations. The content was tested and improved by our pilot customers. We can only recommend the videos: Don’t only run Mock Phish Campaigns, but also educate your staff with security tutorials from LUCY!

No. 4 this year – This is already the fourth content update this year. The software actually counts 97 phishing simulation templates, 38 awareness trainings, 16 educational videos and 16 file based attack templates and everything is included for free in LUCY Server.

Spam Unsubscribe – Spammers sometimes just send an email to get the user to click on the unsubscribe link in order to verify their email address. In this scenario we simulate such a SPAM message with an unsubscribe link.


Payment reminder template for mock phish with lucyPayment Reminder (Payoner) – The recipient gets a reminder of a payment, which is due. Clicking on the “reject” button allows the user to start a dispute.



it security tutorial is available for free download in lucyEmail Security Video – Short Version -In this short (~1 minute) security tutorial video we talk about email security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG


password security video - it security tutorial is available for free download in lucyPassword Security Video – Short Version – In this (~1 minute) security tutorial video we talk about password security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.


physical security video short - it security tutorial is available for free download in lucyPhysical Security Tutorial Video – Short Version – In this (~ 1 minute) security awareness video we talk about physical security risks. We also have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.


Infosec Tutorial Video - This IT security tutorial is available for free download in lucyLucy Phishing Educational Video – Short version – This is a 1 minute educational video about phishing attacks. Every video scene can be customized (e.g. custom branding) and translated into additional languages.  This video allows you to track if the user watched the video.


Mobile Security Tutorial VideoMobile Security Tutorial Video 1.1 – Short Version – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphone & laptop). Length: ~ 1 Minute, Audiences and Skill Levels see above and please note that all video’s can be fully customized. More info: http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=create_a_custom_e-learning_video


ransomware tutorial videoRansomware Tutorial Video – Short Version – In this short video (~ 1 Min) we talk about the ransomware threats. Since the NotPetya and WannaCry attacks of 2017, this video is very popular!


Security Tipps Tutorial Video by LUCYSecurity Tips Tutorial – Short Version – In this short (~ 1 minute) security tutorial video we have put together a few security tips, which involve best practices and policies that promote security. The content (animation, language, script) is customizable.


Microsoft receipt tutorial from LUCY SecurityMicrosoft Receipt Mock Phish Attack Template – This is a file based only scenario without a landing page containing a Word file with macros. When the macro gets executed, the script will simply connect back to LUCY using the build in browser. No data is transmitted. You will have the ability to track, who executed the macro.


Avoid Phishing Attacks TutorialAvoid & Recognize Phishing Attacks (Remake 09/2017: Version 2.1) – In this static course we describe the different phishing types (MASS-SCALE PHISHING, SPEAR PHISHING, WHALING, VISHING, SMISHING, SOCIAL MEDIA PHISHING) and give the user practical tips. All content is 100 % customizable. Duration: 5-10 Minutes.

Security Awareness Videos, Tutorials, Trainings and Quizes from LUCY – everything is included!

By the way: If you want to translate the video into your local language, we do this for only 350 USD….

Inaugural LUCY User Group Congress and Cyber Prevention Summit 2017

Inaugural LUCY Connect Conference

LUCY at it-sa 2017 exhibitor

Meet LUCY and other true heroes from 10-12 October 2017 at the it-sa in Nuremberg

  • LUCY Security as an exhibitor and forum speaker at the second largest IT security exhibition in the world. Meet the founders, let the product show you live and convince yourself personally of the top solution.

Meet LUCY and other true heroes at it-sa in Nurembergit-sa is the number 1 in Europe for IT security. The increasing trend towards digitization and networking is placing ever higher requirements on data and systems security. In view of the increasing amount of areas open to attack, it-sa as the annual highlight is presenting sector-specific security solutions. With over 10,000 trade visitors and 489 exhibitors, it-sa is Europe’s largest expo for IT security. In 2017 the experts from LUCY will be present for the first time as well, and the high-profile supporting program completes the event in an wonderful way.

Live Demo! In the forum LUCY Security will perform a live demo: “Set up, execute and analyse a personalized Spear-Phishing Simulation with integrated malware.”

Hall 9-130: LUCY Security will exhibit in Hall 09-130. You can visit LUCY’s contribution to the Forum on 10.10.2017 at 4:30 pm.



MEET LUCY & TRUE HEROES on Europe’s biggest IT security stage! 10 – 12 October 2017 Nuremberg.

More documents:

floorplan it-sa 2017 with LUCY Security - Stand 09-130

Where to find LUCY at it-sa 2017: Hall 9 Stand 09-130

PITS 2017 - Public IT Security im Hotel Adlon Berlin 12/13. September 2017

LUCY at PITS 2017: “The best action against social engineering is own social engineering!”

Have you ever prepared and launched a phishing attack in 15 minutes? Vaccine your staff with realistic phishing simulations and active training against malware and ransomware! We show this at PITS 2017, organized by the mighty german “Behördenspiegel”.

On September 13th, 2017, we will show live at PITS – the Public IT Security Fair 2017 at Hotel Adlon – how to set up, implement, execute and monitor a web-based phishing campaign in LUCY for training purposes. Our LUCY founder, Oliver Münchow, shows how she:

  • Create a web based phishing scenario, using your own website as a template
  • Insert additional “layers” in the scenario, so that you can capture username and password
  • Configure and personalize the phishing mail messages
  • Start, run and monitor the campaign including the behaviour when a user is trapped. We show also how the data input is tracked and stored
  • Analyze the results of the phishing campaign

And all this within 15 minutes! Sign up below!

Exciting Security Tracks

In addition to the Keynotes there are many other, even more exciting speeches and forums:

  • LUCY: Awareness and strategies against social engineering
  • Cyber Threat Intelligence – Knowledge is power
  • Protection against cybercrime
  • Security of mobile devices
  • Cyber attacks and counter-measures
  • Digital forensics
  • Darknet: The Shadow World of the Internet
  • Advanced Persistent Threats (APT)
  • Protection of public infrastructures and networks
  • CERT’s and emergency concepts
  • Trusted Cloud
  • Management of access rights / criminal operating platforms
  •  Current situation on IT insecurity
  • Strategies against Ransomware
  • SAP Security – holistic protection against cyber threats for SAP applications

The Public IT Security Fair PITS 2017 will take place on 12/13. September 2017 at the Hotel Adlon in Berlin.

LUCY makes cyber prevention and simulated internet attacks affordable and available for everyone – It’s DIY IT Security Awareness & Training!

Bring IT Services

Bring IT Services is a new LUCY Partner in Turkey!

Turkey is heavily under attack by cyber criminals and an important market for LUCY.  That’s why we are delighted to announce a new partnership with Bring IT-Services. 

Bring IT Services TurkeyBRING IT Services‘ aim is bridging the Ingenuity Gap between Customers and Perfect IT Solutions. BRING IT Services offers solutions to Enterprises to overcome the challenges they have in Data Management and Information Security processes. “We help organizations to find the best ways to Manage and Secure their Data, wherever it resides. LUCY is a great additional way to achieve that!” says Bring owner Nebi Gurbanli.

…interested in becoming a Certified LUCY Partner? Apply here!

Lynx Technology Partners (USA) is a Certified LUCY Ecosystem Partner now!

The United States is the most advanced in cyber prevention and accounts for approximately 25% of LUCY sales. The US market represents the most important area for us as a Swiss cyber awareness product manufacturer. Having Lynx as such a renowned partner means for us a big step forward in the USA.

Our founder Oliver Münchow is really happy about the new partnership: “With LYNX, we have found a perfect partner. The team is highly qualified, confident and committed to LUCY and is straightforward, fast and efficient. The US and especially the east coast is the most important market for our company. That is why we have taken the time to find the right partner and are excited about this new collaboration. The Lynx team fits perfectly with LUCY.


Gina Mahin, CEO at Lynx Technology Partners says: “Our team of experts at Lynx has evaluated all the major tools available in this Lynx Technology Partnersmarket. We can honestly say that Lucy does it all. Compared to other phishing services, Lucy offers the same capabilities in a product and at a much more competitive price. In addition, Lucy provides the flexibility of being deployed and managed by the customer, or provided as a service, both can be onsite or in a cloud architectureWe are thrilled about this partnership and the opportunity Lucy provides to enhance our security solutions that solve the challenges of our customers!”


About Lynx Technology Partners: Lynx Technology Partners is the trusted Information Security and Risk Management Advisor that customers in highly-regulated industries worldwide depend on to improve security posture, facilitate compliance, reduce risk and refine operational efficiency. With world-class skills and knowledge capital built over 30 years, Lynx security experts help customers recognize and control IT-related risks and maintain compliance with major industry and government standards. Through consulting, security and risk assessments, penetration testing, managed security services and an award-winning GRC solution, Lynx supports many critical projects for security-conscious leaders in Financial Services, Federal, Energy, Healthcare, State Government and Higher Education. For more information, please visit LynxGRC.com.

CONTACT: Doug Yarabinetz | dyarabinetz (a t) lynxtp (do t) com


About LUCY Security: The LUCY Phishing Awareness Training Server is used to simulate social engineering attacks and it’s universally applicable from SMEs up to large enterprises. The product can be installed directly at the customer’s site, with a cloud variant equally being offered. The Swiss solution provides dozens of preconfigured phishing templates and training modules, which can be independently used, by the end user.

The “Phishing Incident Plugin” for Microsoft Outlook also gives the user the possibility to quickly alert an attack. In this case, the security team is relieved of their work, by the automated threat analysis. The product has over 3200 installations in more than 50 countries and has hundreds of paying customers in more than 20 countries. Certified Eco-System Partners in 9 countries offer additional value-added services based on LUCY Server. There is a free community edition, which is suitable for SMEs with up to 50 employees. The commercial versions start at 350 USD, while the unlimited editions are available as from 3’400 USD.

CONTACT: Palo Stacho, palo (a t) lucysecurity (do t) com

…interested in becoming a Certified LUCY Partner? Apply here!

Security Awareness Videos 07/2017

LUCY Customers get great new Security Awareness Videos for free – Content Update 07/2017

Great new Security Awareness videos for you! Anyone can use the videos, owners of a commercial LUCY license can use them in training campaigns in an unlimited way.

New Security Awareness Videos from LUCY 07/2017

The content was tested and improved by pilot customers. We can only recommend the videos! Don’t only run Mock Phish Campaigns with LUCY, but also educate your staff with LUCY!

Create educational campaigns in LUCY where you can customize the awareness content and use the video out of the box. If you want to run an completely individual training for higher success you can order a semi custom video based on one of our movies for a reasonable price. Here’s a brief overview of the new Security Awareness Videos.

Videos for all audiences and requiring a low skill level:

  • Email Security Video: In this (9 minutes) security awareness video we talk about email security risks.We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.
  • Password Security Video: In this (5 minutes) video the user is confronted with password security risks. We show best practices and policies how to decrease the risk. The content (animation, language, script) is customizable.
  • Physical Security Awareness Video: This is a 4.2 minutes) security awareness video about physical security risks. It contains also security tips and we show best practices and policies. The content (animation, language, script) is customizable.
  • Mixed Awareness Template IV: This short 5 minute version of a mixed template contains a trainings video and gives the user a few security tips.

A video and a quiz requiring a medium skill level:

  • Mixed Awareness Template III: This mixed INTERACTIVE template explains how to recognize a phishing mail. It also contains a phishing quiz and a video. The duration is approximatively 15-20 Minutes.


Security Awareness Videos from LUCY – everything is included!

By the way: If you want to translate the video into your local language, we do this for only 350 USD….