Stevens Institute of Technology modernizes security awareness and improves individual risk management with Dune Security

About Stevens Institute of Technology

Stevens Institute of Technology is one of the leading research and engineering universities in the United States. Focusing on innovation in AI, nanotech, and cybersecurity, Stevens operates in a high-stakes academic environment where both students and staff manage sensitive intellectual property and high-value research.

• Department-level and individual risk scoring introduced for the first time, enabling visibility into human-layer vulnerabilities and targeted remediation for high-risk users.
• All training and reporting now handled via Dune Security, eliminating admin burden and time-consuming biannual training calls.
• Ongoing partnerships underway for deeper integrations with Microsoft and Okta, supporting anomaly detection and over-permissioning analysis.

Challenge

Legacy training tools couldn’t keep up with modern threats or variations in an academic environment

As phishing campaigns become more targeted, AI-driven, and personalized, Stevens Institute of Technology found itself stuck inside a widening security gap. Their prior security awareness training (SAT) vendor wasn’t keeping pace with the modern threat landscape, leaving the university unprepared against advanced cyber threats. 

“We were seeing more focused attacks that referenced real contracts or department members with public data scraped from LinkedIn,” says Jeremy Livingston, Stevens' CISO. “The tools we were using weren’t built to handle that level of sophistication.”

Further compounding this issue, the training itself wasn’t tailored to Stevens’ industry. “We’re not a business, we’re a nonprofit university. Our ‘customers’ are our students,” he continues. “The materials didn’t address us in the right context, and the legacy platform wasn’t easily customizable to fix this.”

These limitations also impacted risk assessment. Their previous SAT vendor treated all users the same, ignoring the vastly different threat profiles across the institution. "We have high-profile researchers who constantly receive targeted attacks because of their work in nanotech and AI," Jeremy notes. "We had no way to align risk assessment with an individual's position or public profile."

And when it came time to run training, his team was stretched thin preparing for biannual Zoom calls that resulted in low participation, minimal engagement, and no real way to measure effectiveness. “When you're working with a small team, efficiency is everything,” Jeremy explains. “Writing our own scripts or customizing training in-house just wasn’t realistic.”

He knew incremental improvements wouldn’t be enough to spur Stevens' security transformation. "It was like the frog in a pot of slowly heating water," he recalls. "The temperature just kept rising until suddenly, we needed a radical change."

Jeremy’s team evaluated 6 security vendors in search of a modern solution that could outpace AI-powered threats and provide contextual, risk-based protection. Dune Security stood out for its individualized risk scoring, tailored content for higher education, and ability to quickly adapt to Stevens' specific needs.

/quote-2

Solution

Individualized risk scoring, contextualized training, and intuitive customization powered by Dune

Once Stevens selected Dune to replace its legacy SAT platform, implementation moved quickly, with premium, personalized support every step of the way.

"We had weekly meetings with a dedicated customer success engineer who made sure everything stayed on track," says Jeremy. "Integrating our identity management tools and security stack was quick and easy,” and within 11 weeks, the university had fully transitioned to the new system.

{{cta}}

Jeremy immediately noticed Dune’s rich customization capabilities — without the complexity that came with other SAT vendors. “It’s all on you to build modifications for other tools, but Dune tailored the content for us," says Jeremy. "They'd send it over, we'd approve it, and we were done." 

Dune worked directly with Jeremy’s team to configure a fully customized training system built specifically for Stevens and higher education, including:

• Language adapted specifically for students, faculty, and researchers
• Training content aligned to actual threats in academic settings (like GLBA compliance or research data leaks)
• Risk modeling tailored to user roles, public exposure, behavior, and access to sensitive data

And by leveraging AI to build out Stevens’ training modules, Dune did it all without pulling on Jeremy’s lean team — a striking improvement over their previous solution. With this foundation in place, Dune then helped Stevens address its most critical need: risk-based security. Rather than relying on broad click-through stats, the new system evaluates individual-level risk based on four key factors: actual behavior, training data, testing results, and role sensitivity. 

Now, a public-facing AI researcher automatically receives more scrutiny than a facilities staffer, users with access to financial systems receive more frequent testing, and high-risk users are flagged for follow-up. No manual triage required.

Critically, Stevens’ new security training system has become increasingly more powerful through strategic integrations. For example, Dune’s seamless connection with Workday makes training and risk scoring even more accurate by delivering real-time updates on user roles and org structure. Plus, the data flows in both directions — security training completions and current risk scores also surface inside Workday, so department heads gain visibility without added overhead.

And more integrations are already underway. Microsoft’s phishing report button will soon route to Dune for instant detection, and Okta is being brought online to identify login anomalies, access misuse, and over-permissioned accounts, all feeding into Dune’s risk engine.

These integrations create a comprehensive security awareness ecosystem that evolves with Stevens' needs. "Whatever we dream up, they seem to build it the next day," Jeremy notes. "It's very exciting."

/quote-3

Results

Stevens went from generic compliance to proactive risk management in a matter of weeks

Dune didn’t just help Stevens modernize training — it gave them a new lens for managing user risk altogether. Manual Zoom-based training sessions are gone, replaced by shorter, more relevant modules, while department and individual risk scores now provide unprecedented visibility. "With our legacy SAT tools, all we had were click rates with no context," Jeremy notes. "Now we know who's actually at risk and can act proactively."

These factors have led to better engagement across the board and even laid the groundwork for a cultural shift through gamification. "We're turning security into a friendly competition between departments to see which teams can maintain the safest scores," Jeremy explains. "Engagement is key — Dune has helped us find a way to make sure students and staff stay invested in the materials."

Today, Stevens has already gained a level of visibility and control that was previously impossible. The partnership continues to evolve, with Dune launching features at a pace that surprised even Stevens’ security team. A perfect example? Dune's newly overhauled UX/UI platform — demonstrating their commitment to continuous improvement.

/quote-4