Written by Ingrum Putz, Tugboat Logic Co Founder & CTO
Smaller enterprises don’t have CISOs or security teams...and they have very little time or resources to invest in security and privacy because they are focusing on building a business. Unfortunately, many of these companies learn quickly they need security and privacy policies and controls in place before a larger company will purchase from them.
This is why I decided to build a solution to help startups and small enterprises get secure, build trust with their stakeholders and automatically respond to RFPs and security questionnaires to close sales more quickly.
I have been extremely fortunate during my 20 years in the information security industry to have had the opportunity to work for companies that contributed significantly to the growth of the internet while protecting the people who have been using it. VeriSign (Symantec) with PKI and SSL, Voltage Security (HP) with IBE Encrypted Email, Agari with DMARC, NCC Group with Security Services, and Bugcrowd with Managed Bug Bounties. Each of these companies is the market-defining leader in their space and, unsurprisingly, their success has been because of the fantastic and brilliant people in these companies who I learned so much from and who I enjoyed working with every day.
In my software engineering and leadership roles at these companies, I was constantly given opportunities to wear lots of hats and work with the other functional groups to make sure that the engineering team was supporting their success. At VeriSign, I had opportunities to work with the operations, security and legal teams to build policies and procedures and implement controls to protect the cryptographic keys used to enable almost every secure transaction on the internet. With that experience, I was hooked. It became clear that policies, compliance and controls provided a common understanding between people and organizations about what is needed to better protect themselves, and each other, online.
While I was hired to build security products and teams for the companies that I worked at, I would take on the interim CISO role to:
Build security and privacy policies for the company and implement controls
Create awareness training programs for the employees
Manage RFP responses, security questionnaires, assessments and audits for the sales team.
This experience has shown me how little time and budget smaller enterprises have for security and privacy and how underserved these organizations are when it comes to affordable tools to help them get secure.
So I decided to build a solution to automate these three steps and co-found Tugboat Logic with the mission to make security and privacy accessible and a key business enabler for every organization.
Audacious Goal? Yes. Categorical Imperative? Absolutely!