Ted Gutierrez and Bill Lawrence, SecurityGate.io: “the little risks can start growing like weeds”
Cybercriminals have been exploiting the vulnerabilities of businesses for as long as one can remember. And with the switch to remote work, the attack surface has only increased.
Cyberspace is clogged with threats, such as ransomware or fraud. And encountering them can lead to major financial losses, reputational damage, and other consequences.
While regular users secure themselves using high-quality antivirus software on their devices, companies can make use of even more advanced tools, such as risk management services.
To learn more about such security solutions, we reached out to representatives of SecurityGate.io – a company that offers a risk management acceleration platform. Today’s guests are the CEO Ted Gutierrez and the CISO Bill Lawrence, who shared their experience and discussed the cyber environment with us.
Can you tell us about the story behind SecurityGate.io? What has the journey been like?
It’s been a great journey so far. It all started when I was at Shell as a third-party risk management auditor. I was traveling around the world with Excel files, and I recognized that Excel didn’t create a way for companies to improve long-term. My co-founder Cherise Esparza was at Enbridge, and then Noble Drilling, where she experienced the same. She was trying to do risk assessments regularly, and she didn’t have a good tool to use either. We put our heads together and believed that there was going to be an imbalance in the total number of assessments that were demanded around the globe and the number of people that knew how to do them. There was a mismatch there, and we filled that gap with SecurityGate.io.
As a tech company in Houston, we’ve been grateful for all the energy-specific, chemical-specific, and transportation-specific companies in this region that have sponsored some of the core features you see today. The Houston ecosystem for a tech startup has also been growing, and we’ve got great investors that have been able to see where the trend is going.
Can you introduce us to your risk management acceleration platform? What are the main issues it helps solve?
SecurityGate.io is a multi-tenant, multi-function Software-as-a-Service, and we automate many of the repeatable human activities involved with risk assessment. The average company that is doing a risk assessment has to write down all the questions based on a framework, either their own or a government-mandated one. These questions have to be translated to threats, risks, impacts, and status of controls. This can take months or weeks. Correlating the risks to a known standard takes roughly 20 to 40 hours for every single risk assessment you do. Once you do that, you have to translate it to a digestible report for somebody of the C-Suite level. SecurityGate.io does this instantaneously with the push of a button.
Our customers use the SecurityGate.io platform to drive efficiency to their risk management program, and they can re-allocate that time that they saved to fix problems on their project list. The platform also dashboards well. Pulling in non-technical leaders is important in the critical infrastructure sectors, and our tool enables security leaders to do that.
Since industrial companies are your main focus, what cybersecurity threats are the most prominent in this field?
We see cyber-physical systems, such as a chemical facility or power plant, with moving things within these facilities and vessels that relate to movement pressures. If altered by a cyberattack or breach, there’s an impact on safety, non-productive time, and the environment.
How has the pandemic altered the way people perceive cybersecurity?
There has been a spike in digital transformation since people haven’t been able to travel as much. With more of a remote workforce and an increase in cyber threats, people are concerned about their facilities more than they have been in the past. They are looking for a way to conduct assessments of facilities that haven’t been touched in a while.
Why do you think certain companies are not even aware of their own vulnerabilities?
You can always look at the people, processes, and tools in place. Often, the people haven’t been provided the level of training it takes to dig into an organization’s vulnerabilities, find and remediate them, even though the tools might be in place to see them. Adding more tools can hurt when one good tool with well-trained experts can be very powerful.
What issues can an organization run into if it doesn’t have appropriate risk management platforms in place?
Big things can get overlooked, while little things can accumulate and grow like weeds. Risk needs active management and attention from leadership so that those who operate the platforms aren’t working in a vacuum.
In your opinion, what kind of threats are we going to see more of in the next few years?
Ransomware against non-critical infrastructure. For whatever reason, reportedly, the REvil group got stomped on by Russian security forces after the episode with Colonial Pipeline. This seems to have had a chilling effect on those groups who make their money off ransoms, at least the ones who hit the news with critical infrastructure. Triple extortion will continue – locking up data for money; threatening to expose data for money; and threatening to attack customers and expose their data for money.
What security solutions do you think everyone should have in place to combat these threats?
If organizations operate at all in the cloud, there are some very solid offerings out there that include security operation centers as a service (SOCaaS), vulnerability scanning, and tiered alerting systems. Threat Stack comes to mind.
What does the future hold for SecurityGate.io?
We are going to continue to grow with our awesome clients and investors. We are a Houston-based team, and we are going to continue delivering the needs that this market has. SecurityGate.io is growing at a considerable pace right now. It’s interesting to see the different partnerships that are either established or in flight. We’ve partnered with almost 100 companies, and they consist of integrators, consulting companies, and alliance technology companies. SecurityGate.io will have its product in more places, and we will be able to pull in more data throughout the next couple of years that is going to establish ourselves as a critical leader in the critical infrastructure space.