I was a Chief Information Security Officer. Not a virtual one. A human one.
My name is Chris Williams. I’m a founder and Managing Partner at Perpetually Geek.
My passion for information security grew out of necessity. Having worked at a document management firm where we began developing and hosting SaaS applications starting in the late ‘90s, we were considered cutting edge. We had strong executive vision and leadership, were attracting venture funding, building an impressive client book of top companies in the world, hiring top talent, and building our company for the future. All was right in the world.
At that time, we were building out our infrastructure, including our own private cloud, and architecting our data centers for resiliency as we expanded our geographic footprint. It was fun stuff. Oh, and I forgot, I was also responsible for our internal IT Helpdesk and helping support external clients. Again, all good stuff.
Things started to shift as customer security concerns started increasing. Companies were starting to check, question, and validate that their vendors were doing the right things when it came to security on the Internet. It was if the whole world turned paranoid overnight. Nowadays its common place to read about breaches, government back-doors, malware, ransomware, and the growing commoditization of hacking tools in your Twitter and LinkedIn news streams but back then, even the littlest breaches were breaking news. As they tend to, along came additional laws and regulations regarding data security and privacy practices in the US and abroad and as such, some companies began looking to store their data outside the US to limit legal ‘snooping’ by our government. Was this really happening?
We had to get ahead of this problem if we wanted to continue our success as a SaaS Provider.
A great thing about our leadership at my former company was they wanted their employees to be invested, to have skin in the game. Stock options did just that. (hence the ‘my’ in front of company) I felt an obligation to my co-workers and to my company to make sure I did my part to ensure we could continue our mission. I needed to ensure our SaaS infrastructure and applications were architected, managed, and supported with security in the forefront. So I hit the books, took classes, and began the process of becoming a practiced security leader. I began to earn and accumulate IT Security certifications and apply this knowledge and insight within our organization. At first the task was overwhelming but then I became obsessed; both personally and professionally. As a result, I became our organization’s designated Security Officer and authority for all Internet, infrastructure, legislation, and network security topics. A true Information Security Officer.
Companies, both our existing clients and our prospects, were getting smarter too. (maybe a little more paranoid in the process?) The sales cycle started becoming as much about an information security audit and the annual security reviews our clients began to serve us as it did about the sale of our SaaS solution. Our teams were spending significantly more time responding to security concerns than actual enhancements or product issues and I was spending as much time on sales calls and supporting our Account Management team as I was on my “core” responsibilities. Luckily, I had a great team and they were able to pick up additional responsibility. Looking back, we weren’t prepared for this shift in security requirements from a resource or knowledge perspective. Luckily, we had some amazing people and we’re able to handle most concerns, respond to audit requests, and complete client security assessments without exception. We were even able to monetize some of this work as it was such a resource drain. Clients were understanding and were accepting of being billed for some of the effort. I would love to be able to say we didn’t lose a sale or a client, but that simply wouldn’t be true.
Let’s jump ahead to 2015. Our firm was acquired by a much larger player in our same space. They were attracted to us because of our technology and our reputation. We wore this as a badge of honor. While bittersweet, it afforded me the greatest personal and professional opportunity. Shortly thereafter, I left the organization and was able to pour my passion into Perpetually Geek! We are obsessed with Information Security, Risk Management, and making things better. What we do helps eliminate the tremendous resource drain, both human and financial, that organizations can incur surrounding information security requirements and obligations. So check out our website, give us a call, subscribe to our newsletter and, if you can sympathize with my tale of growth, come geek out us! Cheers.