For the first 15 years of my career I was fortunate enough to work for some of the most trusted services organizations in the world: Fujitsu, BBC, CapGemini and Deloitte.
Verizon's 2012 data breach report stated that "84% of breaches reported were at companies with less than 100 people". This was the catalyst to start an SMB-focused cybersecurity consultancy. Eighteen months later Brian Krebs announced the Target breach!
So why, in 2015, was it so hard for us to sell consulting engagements? We were receiving calls from a number of SaaS CTOs who were being sent enterprise risk assessments as part of the sales cycle. Meanwhile, clients like the Federal Reserve and Blackrock were trying to better manage the assessment process. Bingo!!
What if we could simplify the compliance assessment?
With almost 20 years of compliance, audit, and risk consulting experience I shudder to think how many assessments I have created, edited, and completed. The sheer cost involved actually fills me with guilt, not because I profited but because of the lack of value that had been created. Most of these assessments were sent by the enterprise as checkbox exercises and didn't result in reducing risk; worse, responding to them required smaller, less mature companies, including startups, to hire expensive consultants like me (sorry.. I do have a plan to adjust the karma points!) in order to close deals that were pivotal to their growth.
What if we could reduce the spreadsheet overhead?
I was constantly inundated by customers who asked questions like, "Did you update the risk sheet?", "Do you have the correct assessment version?", "Can we upload the sheet to Google Docs for others to contribute?", "OMG, the customer has follow-on questions", "What tasks is everyone doing?", "The last customer was a HIPAA shop, this one is an ISO shop, do we need another sheet?", "We're required to do a SOC2.. is that another sheet?" ... I had to stop that nightmare!
What if we could help smaller companies become compliant?
The advent of newer standards, e.g. NIST CSF, and regulations, e.g. 23 NYCRR 500, put more pressure on smaller companies, and their third parties, to demonstrate compliance by becoming SOC2 certified or having an ISO 27001/2 security program, which was expensive to get started and even more expensive to maintain. All of this required more spreadsheets, more task lists and more confusion, along with more consulting dollars.
Businesses, both large and small, are so interconnected today that compliance risk is spread across entire business communities. At one end, regulators can impose massive fines that impact stock price; at the other, entire livelihoods are wiped out by a deal not closing or money not being raised.. or, worse still, by getting hit by ransomware.
So, JustProtect's mission is quite simple:
- Simplify the experience
- Make assessments meaningful
- Accelerate every B2B relationship!
Looking forward... I'm excited about the journey so far, the additions to the team and the value we're already providing to companies both large and small! Will you join us?