What should market research firms know about security?

Market Research Firms and Cyber Security

You see, I have written multiple recognized books on the subject (including “The CISO Handbook”), provided hundreds of presentations, and built many security programs in both internal and consulting roles for organizations ranging from bootstrap start-ups to leading Fortune 500s. Some of what I have written is used as courseware on information security in advanced education organizations around the world.

So far in my career, I have founded, funded, and sold multiple service and technology businesses. The most recent venture, Delphiis, was acquired in 2014 by a publicly traded technology provider. Delphiis was a SaaS security start-up that automated and streamlined the performance of security risk assessments both internally and on the 3rd parties of its customers.

The process of growing Delphiis opened my eyes to the complex challenges you face to build your business when it comes to information security.

First, since Delphiis managed very sensitive data on behalf of its customers, which were often organizations with very well-known brands, it was constantly forced to undergo very stringent security reviews itself to demonstrate its emphasis on security. For a bootstrapped technology start-up, even one with a full team of security experts that could navigate these security reviews and the implementation of the associated security safeguards they then mandated, this was still very expensive, inefficient, and time-consuming. In a small business environment, none of these things is generally a good thing.

Second, the Delphiis technology performed assessments on thousands of companies that were for the most part in the exact same situation as Delphiis: small to medium-sized businesses that managed sensitive data on behalf of their customers, many of which were often highly regulated organizations with recognizable brands. Unlike the outcome with Delphiis though, many of these organizations did not have many options for implementing a feasible solution that met these requirements in often budget-constrained environments. As a result, many paid the price with lost business from the prospects and customers they craved the most.

These experiences led me to this new area of focus and passion: helping small to medium-sized businesses make informed decisions about implementing the big business security programs they need in a feasible manner. CISOSHARE was born.

CISO stands for chief information security officer, which is the key role charged with supporting the business and senior management in making informed decisions about information security for any organization. Once decisions are made by management, this role is also charged with implementing the required security policies, processes, and technical safeguards to then protect the business. All of these items together are generally called, in security nomenclature, an information security program.

Information security experts with 20+ years of combined experience in developing, implementing, and securing highly regulated organizations.