STOKES-
WATERS.
SPEAKER.
Amy Stokes-Waters is the CEO and founder of The Cyber Escape Room Co., the UK's leading experiential cyber security training company. She founded the business in 2023 on one conviction: compliance-based security awareness training doesn't change behaviour. Experience does.
With a background in sales and marketing, Amy brings a sharp commercial lens to a deeply technical space and a rare ability to make hard problems feel accessible, urgent and even entertaining. She holds a degree in English and French and a diploma in law, and has personally designed the majority of the company's escape rooms, simulations and interactive scenarios.
Brian Brackenborough, CISO, Channel 4
Amy speaks from real experience. She has watched thousands of people make security decisions under pressure, analysed what goes wrong and built the products to fix it. She doesn't do theory divorced from practice. She doesn't do corporate softness. And she doesn't do death by PowerPoint.
The data is unambiguous: annual compliance-based cyber security training produces no measurable change in employee behaviour. Amy unpacks why this is happening, from the neuroscience of how memory works under pressure to the structural design failures in most corporate programmes, and makes the case for a different approach entirely. Provocative, evidence-based and deeply practical.
96% of employees who took a risky security action knew it was risky at the time. That's not an awareness problem. That's a behaviour problem. Amy explores the science of decision-making under pressure, why people act against their own knowledge, and how security programmes need to be redesigned to close the gap between knowing the right thing and actually doing it.
A practical deep-dive into what makes immersive, experiential learning actually work. Amy draws on years of designing and running real experiences for enterprise organisations to explain the design principles that create durable behaviour change: pressure, consequence, emotional connection and repetition at scale. Built for L&D professionals and anyone responsible for designing how people learn.
Security culture is not a poster campaign or a phishing test. Amy explains what genuine security culture looks and feels like, how it's built through repeated meaningful experience rather than annual reminders, and how organisations can move from a compliance-theatre model to one that actually reduces risk. Designed for leaders making strategic decisions about how their organisations invest in security behaviour change.
A fully prepared, tailored keynote, typically 30 to 45 minutes, with Q&A. Content is adapted to your audience, sector and event theme. Written by Amy and delivered with energy, specificity and zero filler.
Amy is an experienced and direct panellist who brings clear opinions and real-world evidence to the table. She doesn't hedge. Available for moderated panels on human risk, learning design and security culture.
An informal but structured conversation with a host. Ideal for conference programmes, event openings or podcast-style formats. Great for going deeper into the thinking behind the company, the book or a specific topic.
A working session for practitioners, typically 60 to 90 minutes. Amy facilitates a group through a specific problem: how to design better learning experiences, how to make the business case for behaviour change, or how to measure what actually matters.
Amy is available to host and MC cyber and learning-focused events. She brings warmth, humour and genuine authority to keep an event moving and an audience engaged from first session to last.
Available for podcast interviews, video content and media features on cyber security, behaviour change, learning design and the future of security culture. See the book pack for subject matter specific to May I Have Your Attention Please?
TALK.
To book Amy for your event, conference or podcast, get in touch directly. Please include details about your event, audience and what you're looking for.