My Journey from Security Intelligence to Security Risk Management
Shaun McConnon | September 12, 2013
The past few days have been amazing. First of all, the response to the launch of our first service - BitSight Partner SecurityRating - has been great. It is rewarding to see our hard work validated. Secondly, I can finally talk publicly about something that I have been excited about for over a year!
In my previous companies, we always talked about the problem of measuring risk and could never figure out how to do it in a data-driven, cost-effective manner. At BitSight, we figured it out! Our evidence-based, outside-in approach is truly changing how companies manage third-party risk.
Nearly 18 months ago, David Aronoff from Flybridge asked me to meet two entrepreneurs he had invested in - Nagarjuna Venna and Stephen Boyer. David had hoped that I would agree to be an advisor. Well, a few meetings and several dinners later, I said no, I did not want to be an advisor. I wanted to invest in BitSight and be their CEO. David was quite astonished, as everyone thought I would retire after Q1 Labs. But, I just couldn’t sit this one out.
At BitSight, we have an incredible opportunity to make risk management more scientific (see my previous post about art versus science in security risk management) and enable risk managers to proactively engage with their partners to protect sensitive data.
I'm glad I can finally share our story with you all, and I hope that the BitSight Blog will stimulate conversation among security and risk practitioners. I look forward to lively debate and knowledge exchange on this topic.