Engagement & Retention project | EXPLIoT Academy

Course Purchase

Number of Paid courses enrolled

Hands-on Labs

Engagement with interactive labs, challenges, and assignments

Certification

Completion of Security certification offered on the Platform

Enterprise Licenses

Team using EXLIoT Academy for organisation-wide training.

Age

20-40 Year Old

​30-50 Year Old

18-28 Year old

Demographics

Region: Primary - US, UK, Germany ; Secondary - India

Region: Primary - US, UK , Germany ; Secondary - India

Region: Primary - US, UK , Germany ; Secondary - India

Small security consulting firms, IoT security, Bug Bounties

Industries - Automative, industrial IoT, Manufacturing, Smart Devices.

Industries - Cybersecurity, Embedded Systems, IoT Development

Who are they

Pen-testers, Red Teamers, Bug Bounty Hunters, IoT Security Consultants.

Security Professional working in large enterprises & industrial IoT companies.

University students & fresh graduates in cybersecurity, IoT, and embedded systems

Security professionals who need advanced IoT hacking skills for client work & bug bounty programs

Teams responsible for IoT Security assessments, compliance, and vulnerability management.

Early-career professional transitioning into IoT Security

Why they need EXPLIoT Academy?

IoT security is a niche, high-paying field - learning these skills increase their earning potential.

Their companies design, manufacture, or deploy IoT devices, which are high-risk targets for cyber threats.

Practical IoT security training missing in university courses.

More companies demand IoT pentests, and they want to expand their consulting services.

Regulatory compliance (ISO 21434, NIST 800-183, EU, Cyber Resilience Act) requires their team to have IoT security expertise.

Hands-on experience helps them get internships or entry-level jobs.

Bug bounty programs are offering rewards for IoT vulher abilities —> learning these skills is financially valuable.

They need structured corporate training for their security engineers & analyst

Prepare them for future certification & professional growth.

Pain Point

​IoT Security training is hard to find —> most available courses are not hands-on

Compliance risk - struggle to meet IoT security compliance standards.

Theoretical university courses don’t provide hands-on hacking practice.

Lack of structured labs and real-world scenarios —-> needs interactive practice with real IoT vulnerabilities

Lack of in-house IoT security training - most security teams are general cybersecurity experts, not IoT-specific.

Lack of affordable IoT security courses for students.

Stiff competition in bug bounties & consulting —> need advanced skills to stand out

High cost of third-party security assessment - need to upskill internal teams to reduce dependency on external vendors.

Tough job market –> needs extra certification to stand out.

Behavior

Learns via practical, hands -on training ( HTB, TryHackMe, CTF challenges )

Learns via structured, corporate training programs

Consume free content first (youtube, free course) before buying paid content

Engages in online security communities ( Reddit IoT Security, Discord, Twitter/X)

Engages in IoT security conferences ( DEFCON, IoT Villages, Nullcon, Hardware.io)

Prefer structured certifications to add to resumes

Prefer self-paced, in-dept courses

Trends to follow compliance related cybersecurity content (LinkedIn, Industry Report)

Follow security professionals on Twitter/LinkedIn/youtube

Who takes the decision?

Decision makers - The individual learns

Decision Makers: CISO, Security Manger, Compliance Officer.

Decision maker - The Student or University

Decision blockers - High Pricing

Decision Blocker: Budget constraints, internal approval processes for training.

Decision Blocker - High pricing or lack of university endorsement

Frequency of Use?

Multiple courses per year ( Basis ups killing requirement )

Quarterly or Annual Team Training Cycles.

Low cost courses at the start, then upgrade to advanced training over time.

Hands-on labs used frequently for real-world hacking practices.

New team members need onboarding in IoT security training.

Uses training material for internships & job application.

Independent Cybersecurity Professional

Purchased only on course, but did not complete hands-on labs.

Purchased 1-2 courses, completed at least hands-on lab. Participate occasionally in Webinars. Moderate engagement, returns for specific learning needs.

Completed multiple courses (3+), consistently participates in hands-on labs, advanced training and actively purchase new courses.

Enterprise IoT Security & Compliance Teams

A single team member enrolled in a paid course did not complete the labs. No organisational adoption yet. Low participation in certifications.

A team of 2-5 security professionals actively using the platform. Some have completed hands-on labs & practical assignment. Purchased few training program.

A team of 2-5 security leaders and they keep getting licence for new member every year. High frequency of certification, hand-on labs and renewals. Likely to subscribe to enterprise training.

IoT Security Students & Early Professionals

Purchased one course, but did not engage in labs. Logs in infrequently.

Purchased at least one course completed a few labs. Occasionally engages certifications. May consider advanced courses but has inconsistent engagement.

Purchased multiple courses, completed advanced labs, Likely to pursue higher certification and advanced cybersecurity training.

Declining Curve

Partially Fits

Your retention curve declines significantly after the initial months but stabilizes later.

Flattering Curve

Partially Fits

The curve flattens at lower percentages (20-40%), indicating some long-term user retention.

Smile Curve

Does Not Fit

There is no evidence of churned users returning or an upward trend in your data.

Lack of Immediate Value

Users don’t experience an “aha” moment early enough, leading to disengagement.

Perceived High Price vs. Value

Some users (especially students) find the cost unjustified for their needs.

Completion Drop-Off

Users start courses but fail to complete due to lack of motivation or time constraints.

Lack of Career Progression Visibility

Users don’t clearly see how the course benefits their career advancement.

No Community or Hands-on Support

Users struggle with doubts and don’t receive timely guidance, leading to drop-off.

No Habit Formation

Learning is not integrated into their routine, leading to eventual disengagement.

Voluntary Churn

Users deliberately stop engaging due to dissatisfaction or external preferences.

- No clear career ROI after finishing some lessons.
- Found alternative (cheaper/free) learning options.
- Course content was too difficult or not engaging.

Involuntary Churn

Users churn due to uncontrollable or accidental reasons.

- Expired payment methods for subscriptions.
- Technical login/access issues.
- Email notifications going to spam (lack of engagement).

Low Course Completion Rates

Users who don’t complete even one module in the first 14 days are at high churn risk.

Automated progress nudges, milestone rewards, & gamification.

Low Engagement with Hands-On Labs

Users who avoid practical exercises tend to drop off earlier.

Encourage lab-based learning with personalized recommendations.

Unopened Emails & Notifications

Users not engaging with Academy’s communication likely don’t return.

Behavior-based reactivation campaigns.

No Community Interaction

Users who never ask questions or engage with peers are more likely to quit.

Promote discussion forums, peer mentoring & Q&A sessions.

Drop in Login Frequency

If a user doesn’t log in for 2+ weeks, they are at risk of churning.

Automated win-back campaigns, free trial extensions.

High Refund Requests / Subscription Cancellations

A direct signal of dissatisfaction or mismatch with expectations.

Feedback collection & offer alternative learning paths.

ICP 1: Independent Cybersecurity Professionals (Researchers & Consultants)

- Fast-Track Intro to IoT Exploitation (7-day challenge to reduce drop-off)
- Email nudges with real-world security case studies
- Hands-on demo of live IoT vulnerabilities

- Monthly deep-dive sessions on niche exploit research
- Personalized learning track based on research interests
- Invitations to exclusive cybersecurity roundtables

- Exclusive access to pre-release vulnerability research
- Beta testing for new EXPLIoT tools
- Recognition in cybersecurity research community

ICP 2: Enterprise IoT Security & Compliance Teams

- Guided compliance frameworks (IEC 62443, NIST)
- Weekly compliance risk assessments via email
- Live walkthroughs on securing enterprise IoT networks

- Team-based dashboards for progress tracking
- Quarterly compliance audits & security best practice reports
- CISO-level insights on enterprise security strategy

- Advanced simulations & threat modeling for enterprises
- Custom advisory sessions for team leaders
- Exclusive Masterclass on next-gen IoT threats

ICP 3: IoT Security Students (University Learners & Early Professionals)

- Structured beginner’s roadmap (reducing cognitive overload)
- Gamification: XP points, badges for course completion
- Bi-weekly career guidance & networking webinars

- Monthly CTF-style hacking competitions
- Peer mentorship & alumni connections
- LinkedIn-badged career certifications

- Internship/job placement assistance
- Invite to exclusive IoT security hackathons
- Public speaking & leadership opportunities in the community

Drop-off Risk

Low activation, unclear value perception

Learning fatigue, unclear career outcomes

Burnout, limited advanced material, need for professional edge

Intervention

- Automated “Aha” moment emails within 7 days
- In-app nudges to start hands-on labs
- Access to free beginner’s modules to increase engagement

- Personalized content recommendations (AI-driven learning track suggestions)
- Exclusive career-oriented content (certifications, CTF challenges)
- Community-driven retention: introduce mentorship circles

- Exclusive research access & high-level IoT exploit simulations
- Recognition in security community (hall of fame, exclusive badges)
- Direct job placement & CISO-led security think tanks

ICP 1: Independent Cybersecurity Professionals

Keeping up with new attack vectors and tools in IoT security

FOMO (Fear of Missing Out) – They don’t want to lag behind in expertise compared to peers

Exclusive Advanced Labs + Zero-Day Attack Simulations

ICP 2: Enterprise IoT Security & Compliance Teams

Need to ensure company-wide security compliance

Authority & Risk Aversion – They follow industry best practices and require proven methodologies

Compliance-Focused Training + Case Studies of Real Breaches

ICP 3: IoT Security Students

Need structured learning for career-building

Gamification & Social Proof – They are motivated by career progression, certifications, and peer recognition

Skill Badges + Hiring Partner Connections

ICP 1 - Casual

Low

Consumes free content but does not commit to paid courses

Convert casual browsers into active learners

“Get a free preview of our newest attack simulation before it’s public”

Free early access + community discussion invite

1-month teaser campaign

Signup-to-purchase conversion rate

ICP 1 - Core

Medium

Completes labs but lacks consistent engagement

Increase hands-on engagement

“Join the Hall of Fame: Compete in live offensive security challenges”

Leaderboard ranking with top participants winning EXPLIoT swag

Monthly challenge with rankings

Time spent in labs

ICP 2 - Core

High

Actively engaged but doesn’t recommend EXPLIoT to org

Drive enterprise adoption via internal champions

“Make your company EXPLIoT Certified: Exclusive team-based compliance workshop”

Free compliance audit tool for company leads

Quarterly live session

Attendance & follow-up sales

ICP 3 - Casual

Low

Struggles with self-paced learning

Encourage course progression

“Study with peers: Join our 21-day guided IoT security challenge”

Group-based challenge with accountability partners

Bi-weekly checkpoints

Lesson completion %

ICP 3 - Power

High

Already engaged, but no strong referral system

Increase certifications & referrals

“Your skills are in demand! Get certified and refer a friend to get a $50 discount”

Referral discounts for completed certifications

Every 6 months

Certification sign-ups & referral conversions

Email Campaigns

Early access to research & new labs

Compliance news & enterprise success stories

Study guides & job market insights

LinkedIn Retargeting

Invite to private industry discussions

Whitepapers & case studies

Internships & placement updates

Webinars & Live Q&As

“Deep-Dive: IoT Security Trends”

“How to Build Enterprise IoT Security Strategy”

“How to Kickstart a Career in IoT Security”

Discord / Community

Red team challenges & tool demos

Regulatory discussions

Mentor matching & peer study groups

Activation

Trial-to-paid conversion %

Increase enrollments

Retention

Avg. time spent on labs per week

Improve active engagement

Expansion

Course completion rates

Ensure long-term value retention

Advocacy

Referral program adoption

Increase organic growth

ICP 1: Independent Cybersecurity Professionals

Churned due to lack of advanced content beyond fundamentals

Churned due to lack of hands-on community discussions

Churned due to completion of available content, seeking industry networking

ICP 2: Enterprise IoT Security & Compliance Teams

Churned due to budget restrictions, unsure ROI

Churned due to low management buy-in or priority shifts

Churned due to no immediate regulatory need after initial training

ICP 3: IoT Security Students & Early Professionals

Churned due to overwhelming course structure, drop-off in learning habit

Churned due to no real-world projects or career alignment concerns

Churned due to lack of placement/certification integration

1

ICP 2: Enterprise IoT Security & Compliance Teams

Power Users

High ($1654/team bundle, recurring demand)

High (Regulatory training required, ongoing compliance needs)

Highest

2

ICP 1: Independent Cybersecurity Professionals

Power Users

High ($299 per course, advanced upskilling demand)

High (Seeks specialization, career advancement goals)

Highest

3

ICP 3: IoT Security Students & Early Professionals

Power Users

Medium-High ($299 per course, certification-driven engagement)

Medium-High (Placement-driven urgency, hands-on demand)

High

4

ICP 2: Enterprise IoT Security & Compliance Teams

Core Users

Medium-High ($1654 team bundle, lower urgency than Power Users)

Medium (Decision-maker dependency, budget approvals needed)

High

5

ICP 1: Independent Cybersecurity Professionals

Core Users

Medium ($299 per course, but inconsistent purchasing patterns)

Medium (May self-study alternatives, needs compelling offer)

Medium

6

ICP 3: IoT Security Students & Early Professionals

Core Users

Medium ($299 per course, price-sensitive segment)

Medium (Engagement drops after initial curiosity phase)

Medium

7

ICP 2: Enterprise IoT Security & Compliance Teams

Casual Users

Low ($99/month model possible, but decision-making slow)

Low (No strong urgency to return without external pressure)

Low

8

ICP 1: Independent Cybersecurity Professionals

Casual Users

Low ($99/month model fits, but high drop-off rate)

Low (Exploratory users, may not commit to return)

Low

9

ICP 3: IoT Security Students & Early Professionals

Casual Users

Low ($99/month, but easily distracted, high churn rate)

Very Low (Likely to switch to free alternatives)

Lowest